Révision a3331d72
Ajouté par Matt Smith il y a plus de 9 ans
etc/inc/vpn.inc | ||
---|---|---|
194 | 194 |
if ($ph2ent['pinghost']) { |
195 | 195 |
if (!is_array($iflist)) |
196 | 196 |
$iflist = get_configured_interface_list(); |
197 |
foreach ($iflist as $ifent => $ifname) { |
|
198 |
if(is_ipaddrv6($ph2ent['pinghost'])) { |
|
197 |
$viplist = get_configured_vips_list(); |
|
198 |
$srcip = null; |
|
199 |
$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']); |
|
200 |
if(is_ipaddrv6($ph2ent['pinghost'])) { |
|
201 |
foreach ($iflist as $ifent => $ifname) { |
|
199 | 202 |
$interface_ip = get_interface_ipv6($ifent); |
200 | 203 |
if(!is_ipaddrv6($interface_ip)) |
201 | 204 |
continue; |
... | ... | |
204 | 207 |
$srcip = $interface_ip; |
205 | 208 |
break; |
206 | 209 |
} |
207 |
} else { |
|
210 |
} |
|
211 |
} else { |
|
212 |
foreach ($iflist as $ifent => $ifname) { |
|
208 | 213 |
$interface_ip = get_interface_ip($ifent); |
209 | 214 |
if(!is_ipaddrv4($interface_ip)) |
210 | 215 |
continue; |
211 |
$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']); |
|
212 | 216 |
if ($local_subnet == "0.0.0.0/0" || ip_in_subnet($interface_ip, $local_subnet)) { |
213 | 217 |
$srcip = $interface_ip; |
214 | 218 |
break; |
215 | 219 |
} |
216 | 220 |
} |
217 | 221 |
} |
222 |
/* if no valid src IP was found in configured interfaces, try the vips */ |
|
223 |
if (is_null($srcip)) { |
|
224 |
foreach ($viplist as $vip) { |
|
225 |
if (ip_in_subnet($vip['ipaddr'], $local_subnet)) { |
|
226 |
$srcip = $vip['ipaddr']; |
|
227 |
break; |
|
228 |
} |
|
229 |
} |
|
230 |
} |
|
218 | 231 |
$dstip = $ph2ent['pinghost']; |
219 | 232 |
if(is_ipaddrv6($dstip)) { |
220 | 233 |
$family = "inet6"; |
Formats disponibles : Unified diff
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'