Révision 95589abd
Ajouté par jim-p il y a presque 10 ans
| etc/inc/ipsec.inc | ||
|---|---|---|
| 669 | 669 |
return $ipaddr; |
| 670 | 670 |
} |
| 671 | 671 |
|
| 672 |
function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
|
|
| 673 |
if ($side == "local") {
|
|
| 674 |
$id_type = $ph1ent['myid_type']; |
|
| 675 |
$id_data = $ph1ent['myid_data']; |
|
| 676 |
|
|
| 677 |
$addr = ipsec_get_phase1_src($ph1ent); |
|
| 678 |
if (!$addr) |
|
| 679 |
return array(); |
|
| 680 |
} elseif ($side = "peer") {
|
|
| 681 |
$id_type = $ph1ent['peerid_type']; |
|
| 682 |
$id_data = $ph1ent['peerid_data']; |
|
| 683 |
|
|
| 684 |
if (isset($ph1ent['mobile'])) |
|
| 685 |
$addr = "%any"; |
|
| 686 |
else |
|
| 687 |
$addr = $ph1ent['remote-gateway']; |
|
| 688 |
} else {
|
|
| 689 |
return array(); |
|
| 690 |
} |
|
| 691 |
|
|
| 692 |
|
|
| 693 |
$thisid_type = $id_type; |
|
| 694 |
switch ($thisid_type) {
|
|
| 695 |
case "myaddress": |
|
| 696 |
$thisid_type = "address"; |
|
| 697 |
$thisid_data = $addr; |
|
| 698 |
break; |
|
| 699 |
|
|
| 700 |
case "dyn_dns": |
|
| 701 |
$thisid_type = "address"; |
|
| 702 |
$thisid_data = resolve_retry($id_data); |
|
| 703 |
break; |
|
| 704 |
|
|
| 705 |
case "peeraddress": |
|
| 706 |
$thisid_type = "address"; |
|
| 707 |
$thisid_data = $rgmap[$ph1ent['remote-gateway']]; |
|
| 708 |
break; |
|
| 709 |
|
|
| 710 |
case "address"; |
|
| 711 |
$thisid_data = $id_data; |
|
| 712 |
break; |
|
| 713 |
|
|
| 714 |
case "fqdn"; |
|
| 715 |
case "keyid tag"; |
|
| 716 |
case "user_fqdn"; |
|
| 717 |
case "asn1dn"; |
|
| 718 |
$thisid_data = $id_data; |
|
| 719 |
if( $thisid_data ) |
|
| 720 |
$thisid_data = "{$thisid_data}";
|
|
| 721 |
break; |
|
| 722 |
} |
|
| 723 |
return array($thisid_type, $thisid_data); |
|
| 724 |
} |
|
| 672 | 725 |
?> |
| etc/inc/vpn.inc | ||
|---|---|---|
| 467 | 467 |
} |
| 468 | 468 |
} |
| 469 | 469 |
} else {
|
| 470 |
list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); |
|
| 471 |
list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); |
|
| 470 | 472 |
|
| 471 |
$peerid_type = $ph1ent['peerid_type']; |
|
| 472 |
|
|
| 473 |
switch ($peerid_type) {
|
|
| 474 |
case "peeraddress": |
|
| 475 |
$peerid_type = "address"; |
|
| 476 |
$peerid_data = $rgmap[$ph1ent['remote-gateway']]; |
|
| 477 |
break; |
|
| 478 |
|
|
| 479 |
case "address"; |
|
| 480 |
$peerid_data = $ph1ent['peerid_data']; |
|
| 481 |
break; |
|
| 482 |
|
|
| 483 |
case "fqdn"; |
|
| 484 |
case "keyid tag"; |
|
| 485 |
case "user_fqdn"; |
|
| 486 |
$peerid_data = $ph1ent['peerid_data']; |
|
| 487 |
break; |
|
| 488 |
} |
|
| 473 |
if (empty($peerid_data)) |
|
| 474 |
continue; |
|
| 489 | 475 |
|
| 490 |
if (!empty($peerid_data) && !empty($ph1ent['pre-shared-key'])) |
|
| 491 |
$pskconf .= trim($peerid_data) . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n"; |
|
| 476 |
$myid = isset($ph1ent['mobile']) ? trim($myid_data) . " " : ""; |
|
| 477 |
$peerid = ($peerid_data != "allusers") ? trim($peerid_data) : ""; |
|
| 478 |
if (!empty($ph1ent['pre-shared-key'])) |
|
| 479 |
$pskconf .= $myid . $peerid . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n"; |
|
| 492 | 480 |
} |
| 493 | 481 |
} |
| 494 | 482 |
} |
| ... | ... | |
| 561 | 549 |
if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") |
| 562 | 550 |
$keyexchange = "ikev2"; |
| 563 | 551 |
|
| 564 |
$myid_type = $ph1ent['myid_type']; |
|
| 565 |
switch ($myid_type) {
|
|
| 566 |
case "myaddress": |
|
| 567 |
$myid_type = "address"; |
|
| 568 |
$myid_data = $ep; |
|
| 569 |
break; |
|
| 570 |
|
|
| 571 |
case "dyn_dns": |
|
| 572 |
$myid_type = "address"; |
|
| 573 |
$myid_data = resolve_retry($ph1ent['myid_data']); |
|
| 574 |
break; |
|
| 575 |
|
|
| 576 |
case "address"; |
|
| 577 |
$myid_data = $ph1ent['myid_data']; |
|
| 578 |
break; |
|
| 579 |
|
|
| 580 |
case "fqdn"; |
|
| 581 |
case "keyid tag"; |
|
| 582 |
case "user_fqdn"; |
|
| 583 |
case "asn1dn"; |
|
| 584 |
$myid_data = $ph1ent['myid_data']; |
|
| 585 |
if( $myid_data ) |
|
| 586 |
$myid_data = "{$myid_data}";
|
|
| 587 |
break; |
|
| 588 |
} |
|
| 589 |
|
|
| 590 |
$peerid_type = $ph1ent['peerid_type']; |
|
| 591 |
switch ($peerid_type) {
|
|
| 592 |
case "peeraddress": |
|
| 593 |
$peerid_type = "address"; |
|
| 594 |
$peerid_data = $rgip; |
|
| 595 |
break; |
|
| 596 |
|
|
| 597 |
case "address"; |
|
| 598 |
$peerid_data = $ph1ent['peerid_data']; |
|
| 599 |
break; |
|
| 600 |
|
|
| 601 |
case "fqdn"; |
|
| 602 |
case "keyid tag"; |
|
| 603 |
case "user_fqdn"; |
|
| 604 |
case "asn1dn"; |
|
| 605 |
$peerid_data = $ph1ent['peerid_data']; |
|
| 606 |
if( $peerid_data ) |
|
| 607 |
$peerid_data = "{$peerid_data}";
|
|
| 608 |
break; |
|
| 609 |
} |
|
| 552 |
list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); |
|
| 553 |
list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); |
|
| 610 | 554 |
|
| 611 | 555 |
/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */ |
| 612 | 556 |
$peerid_spec = ''; |
Formats disponibles : Unified diff
Move duplicated code into a function; Include local ID on mobile tunnel key line in ipsec.secrets.