Révision c650b2f7
Ajouté par Ermal il y a plus de 9 ans
etc/inc/vpn.inc | ||
---|---|---|
693 | 693 |
$ph2ent['pfsgroup'] = $a_client['pfs_group']; |
694 | 694 |
|
695 | 695 |
if ($ph2ent['protocol'] == 'esp') { |
696 |
if (is_array($ph2ent['encryption-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
|
|
696 |
if (is_array($ph2ent['encryption-algorithm-option'])) { |
|
697 | 697 |
foreach ($ph2ent['encryption-algorithm-option'] as $ealg) { |
698 | 698 |
$ealg_id = $ealg['name']; |
699 | 699 |
$ealg_kl = $ealg['keylen']; |
... | ... | |
709 | 709 |
* seconds wrecking bootup */ |
710 | 710 |
if ($key_hi != 0 and $key_lo !=0 and $key_step !=0) { |
711 | 711 |
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) { |
712 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) { |
|
713 |
$halgo = str_replace('hmac_', '', $halgo); |
|
714 |
$tmpealgo = "{$ealg_id}{$keylen}-{$halgo}"; |
|
712 |
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) { |
|
713 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) { |
|
714 |
$halgo = str_replace('hmac_', '', $halgo); |
|
715 |
$tmpealgo = "{$ealg_id}{$keylen}-{$halgo}"; |
|
716 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
|
717 |
if (!empty($modp)) |
|
718 |
$tmpealgo .= "-{$modp}"; |
|
719 |
$ealgoESPsp2arr[] = $tmpealgo; |
|
720 |
} |
|
721 |
} else { |
|
722 |
$tmpealgo = "{$ealg_id}{$keylen}"; |
|
715 | 723 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
716 | 724 |
if (!empty($modp)) |
717 | 725 |
$tmpealgo .= "-{$modp}"; |
... | ... | |
720 | 728 |
} |
721 | 729 |
} |
722 | 730 |
} else { |
723 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) { |
|
724 |
$halgo = str_replace('hmac_', '', $halgo); |
|
725 |
$tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}"; |
|
731 |
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) { |
|
732 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) { |
|
733 |
$halgo = str_replace('hmac_', '', $halgo); |
|
734 |
$tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}"; |
|
735 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
|
736 |
if (!empty($modp)) |
|
737 |
$tmpealgo .= "-{$modp}"; |
|
738 |
$ealgoESPsp2arr[] = $tmpealgo; |
|
739 |
} |
|
740 |
} else { |
|
741 |
$tmpealgo = "{$ealg_id}{$ealg_kl}"; |
|
726 | 742 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
727 | 743 |
if (!empty($modp)) |
728 | 744 |
$tmpealgo .= "-{$modp}"; |
... | ... | |
732 | 748 |
} |
733 | 749 |
} |
734 | 750 |
} else if ($ph2ent['protocol'] == 'ah') { |
735 |
if (is_array($ph2ent['hash-algorithm-option'])) { |
|
751 |
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
|
|
736 | 752 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
737 | 753 |
foreach ($ph2ent['hash-algorithm-option'] as $tmpAHalgo) { |
738 | 754 |
$tmpAHalgo = str_replace('hmac_', '', $tmpAHalgo); |
... | ... | |
784 | 800 |
$ipsecconf .= "\t{$ealgosp1}\n"; |
785 | 801 |
if (!empty($ealgoAHsp2arr)) |
786 | 802 |
$ipsecconf .= "\tah = " . join(',', $ealgoAHsp2arr) . "!\n"; |
787 |
if (!empty($ealgoESPsp2arr)) |
|
803 |
if (!empty($ealgoESPsp2arr)) { |
|
804 |
file_put_contents("/var/etc/ipsec/dump_test", print_r($ealgoESPsp2arr, true)); |
|
788 | 805 |
$ipsecconf .= "\tesp = " . join(',', $ealgoESPsp2arr) . "!\n"; |
806 |
} |
|
789 | 807 |
if (!empty($authentication)) |
790 | 808 |
$ipsecconf .= "\t{$authentication}\n"; |
791 | 809 |
if (!empty($peerid_spec)) |
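Review bot: The added `file_put_contents("/var/etc/ipsec/dump_test", print_r($ealgoESPsp2arr, true));` at new line 804 looks like a leftover debug dump: it rewrites a fixed file each time this code runs and plays no part in building `$ipsecconf`, so it should be dropped and the `if (!empty($ealgoESPsp2arr))` left as it was. Separately, the two new `else` branches (new lines 721-722 and 740-741) build `"{$ealg_id}{$keylen}"` and `"{$ealg_id}{$ealg_kl}"` with no integrity algorithm whenever the hash list is empty, without checking which cipher `$ealg_id` names; the commit message limits this to AES-GCM, but nothing visible in the hunks enforces that. Unless validation elsewhere guarantees a hash for non-AEAD ciphers, these branches should test `$ealg_id` for the AES-GCM variants and skip other ciphers rather than emit an ESP proposal without authentication. The enclosing function starts and ends outside the shown hunks.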
Allow HASH algorithms to be empty for phase2 in case the encryption one is AES-GCM