Révision a3331d72
Ajouté par Matt Smith il y a plus de 9 ans
| etc/inc/vpn.inc | ||
|---|---|---|
| 194 | 194 |
if ($ph2ent['pinghost']) {
|
| 195 | 195 |
if (!is_array($iflist)) |
| 196 | 196 |
$iflist = get_configured_interface_list(); |
| 197 |
foreach ($iflist as $ifent => $ifname) {
|
|
| 198 |
if(is_ipaddrv6($ph2ent['pinghost'])) {
|
|
| 197 |
$viplist = get_configured_vips_list(); |
|
| 198 |
$srcip = null; |
|
| 199 |
$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']); |
|
| 200 |
if(is_ipaddrv6($ph2ent['pinghost'])) {
|
|
| 201 |
foreach ($iflist as $ifent => $ifname) {
|
|
| 199 | 202 |
$interface_ip = get_interface_ipv6($ifent); |
| 200 | 203 |
if(!is_ipaddrv6($interface_ip)) |
| 201 | 204 |
continue; |
| ... | ... | |
| 204 | 207 |
$srcip = $interface_ip; |
| 205 | 208 |
break; |
| 206 | 209 |
} |
| 207 |
} else {
|
|
| 210 |
} |
|
| 211 |
} else {
|
|
| 212 |
foreach ($iflist as $ifent => $ifname) {
|
|
| 208 | 213 |
$interface_ip = get_interface_ip($ifent); |
| 209 | 214 |
if(!is_ipaddrv4($interface_ip)) |
| 210 | 215 |
continue; |
| 211 |
$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']); |
|
| 212 | 216 |
if ($local_subnet == "0.0.0.0/0" || ip_in_subnet($interface_ip, $local_subnet)) {
|
| 213 | 217 |
$srcip = $interface_ip; |
| 214 | 218 |
break; |
| 215 | 219 |
} |
| 216 | 220 |
} |
| 217 | 221 |
} |
| 222 |
/* if no valid src IP was found in configured interfaces, try the vips */ |
|
| 223 |
if (is_null($srcip)) {
|
|
| 224 |
foreach ($viplist as $vip) {
|
|
| 225 |
if (ip_in_subnet($vip['ipaddr'], $local_subnet)) {
|
|
| 226 |
$srcip = $vip['ipaddr']; |
|
| 227 |
break; |
|
| 228 |
} |
|
| 229 |
} |
|
| 230 |
} |
|
| 218 | 231 |
$dstip = $ph2ent['pinghost']; |
| 219 | 232 |
if(is_ipaddrv6($dstip)) {
|
| 220 | 233 |
$family = "inet6"; |
Formats disponibles : Unified diff
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'