IPsec: Update ipsec.conf for GRE/VTI changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2018-11-28 20:37:32 +00:00
parent 55842dda69
commit b01c17e9d0


@@ -295,15 +295,31 @@ sub writeipsecfiles {
$localside = $lvpnsettings{'VPN_IP'};
}
my $interface_mode = $lconfighash{$key}[36];
print CONF "conn $lconfighash{$key}[1]\n";
print CONF "\tleft=$localside\n";
print CONF "\tleftsubnet=" . &make_subnets($lconfighash{$key}[8]) . "\n";
if ($interface_mode eq "gre") {
print CONF "\tleftsubnet=%dynamic[gre]\n";
} elsif ($interface_mode eq "vti") {
print CONF "\tleftsubnet=0.0.0.0/0\n";
} else {
print CONF "\tleftsubnet=" . &make_subnets($lconfighash{$key}[8]) . "\n";
}
print CONF "\tleftfirewall=yes\n";
print CONF "\tlefthostaccess=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
print CONF "\trightsubnet=" . &make_subnets($lconfighash{$key}[11]) . "\n";
if ($interface_mode eq "gre") {
print CONF "\trightsubnet=%dynamic[gre]\n";
} elsif ($interface_mode eq "vti") {
print CONF "\trightsubnet=0.0.0.0/0\n";
} else {
print CONF "\trightsubnet=" . &make_subnets($lconfighash{$key}[11]) . "\n";
}
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
@@ -323,6 +339,11 @@ sub writeipsecfiles {
print CONF "\ttype=tunnel\n";
}
# Add mark for VTI
if ($interface_mode eq "vti") {
print CONF "\tmark=$key\n";
}
# Is PFS enabled?
my $pfs = $lconfighash{$key}[28] eq 'on' ? 'on' : 'off';
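Review bot: The gre/vti branches for `leftsubnet` in the first hunk are not gated on the connection type, while the matching `rightsubnet` branches sit inside `if ($lconfighash{$key}[3] eq 'net')`. A host-type record whose field 36 holds `vti` would therefore be written with `leftsubnet=0.0.0.0/0` in place of the configured local subnets, widening the traffic selector beyond what the administrator entered; whether the UI can ever store that combination is not visible here. I would condition the special cases on the type as well, e.g. `if ($lconfighash{$key}[3] eq 'net' && $interface_mode eq "vti") {`, and apply the same guard to the `mark=$key` block in the second hunk. `$lconfighash{$key}[36]` may also be undefined for records saved before this field existed, so `my $interface_mode = $lconfighash{$key}[36] // "";` would keep the fallback to the `else` branch without uninitialized-value warnings. `writeipsecfiles` starts and ends outside both hunks.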