
Révision ae170e96

Ajouté par Ermal il y a plus de 9 ans

Do not allow duplicate subnet entries on left|rightsubnet specification since it will blackhole all traffic to that subnet when connection is setup as route


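--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -660,12 +660,16 @@
 							}
 						}
 
-						$leftsubnet_spec[] = $leftsubnet_data;
+						if (empty($leftsubnet_spec[$leftsubnet_data]))
+							$leftsubnet_spec[$leftsubnet_data] = $leftsubnet_data;
 
 						if (!isset($ph2ent['mobile'])) {
-							$rightsubnet_spec[] = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']);
+							$tmpsubnet = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']);
+							if (empty($rightsubnet_spec[$tmpsubnet]))
+								$rightsubnet_spec[$tmpsubnet] = $tmpsubnet;
 						} else if (!empty($a_client['pool_address'])) {
-							$rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
+							if (empty($rightsubnet_spec["{$a_client['pool_address']}/{$a_client['pool_netbits']}"]))
+								$rightsubnet_spec["{$a_client['pool_address']}/{$a_client['pool_netbits']}"] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
 						}
 					} else {
 						$tunneltype = "type = transport";
@@ -674,11 +678,15 @@
 						    ($ph1ent['authentication_method'] == "pre_shared_key")) && isset($ph1ent['mobile'])) {
 							$left_spec = "%any";
 						} else {
-							$leftsubnet_spec[] = ipsec_get_phase1_src($ph1ent);
+							$tmpsubnet = ipsec_get_phase1_src($ph1ent);
+							if ($leftsubnet_spec[$tmpsubnet])
+								$leftsubnet_spec[$tmpsubnet] = $tmpsubnet;
 						}
 
-						if (!isset($ph2ent['mobile']))
-							$rightsubnet_spec[] = $right_spec;
+						if (!isset($ph2ent['mobile'])) {
+							if (empty($rightsubnet_spec[$right_spec]))
+								$rightsubnet_spec[$right_spec] = $right_spec;
+						}
 					}
 
 					if (isset($a_client['pfs_group']))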
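Review bot: In the transport-mode branch the new guard is `if ($leftsubnet_spec[$tmpsubnet])`, the inverse of the `empty()` test used in the four other places. As written, the assignment runs only when the key is already set, so the phase 1 source is never added to `$leftsubnet_spec`, and reading the unset key raises a notice; it should be `if (empty($leftsubnet_spec[$tmpsubnet]))`. Separately, the de-duplication keys on the literal string, so the same network written in two different forms would presumably still yield two entries and the blackhole condition the commit targets; normalising the CIDR before using it as the key would close that gap. The enclosing block starts and ends outside the hunks shown, so how `$leftsubnet_spec` and `$rightsubnet_spec` are consumed now that they are string-keyed could not be checked here.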
