Révision c650b2f7
Ajouté par Ermal il y a plus de 9 ans
| etc/inc/vpn.inc | ||
|---|---|---|
| 693 | 693 |
$ph2ent['pfsgroup'] = $a_client['pfs_group']; |
| 694 | 694 |
|
| 695 | 695 |
if ($ph2ent['protocol'] == 'esp') {
|
| 696 |
if (is_array($ph2ent['encryption-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
|
|
| 696 |
if (is_array($ph2ent['encryption-algorithm-option'])) {
|
|
| 697 | 697 |
foreach ($ph2ent['encryption-algorithm-option'] as $ealg) {
|
| 698 | 698 |
$ealg_id = $ealg['name']; |
| 699 | 699 |
$ealg_kl = $ealg['keylen']; |
| ... | ... | |
| 709 | 709 |
* seconds wrecking bootup */ |
| 710 | 710 |
if ($key_hi != 0 and $key_lo !=0 and $key_step !=0) {
|
| 711 | 711 |
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
|
| 712 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
|
|
| 713 |
$halgo = str_replace('hmac_', '', $halgo);
|
|
| 714 |
$tmpealgo = "{$ealg_id}{$keylen}-{$halgo}";
|
|
| 712 |
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
|
|
| 713 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
|
|
| 714 |
$halgo = str_replace('hmac_', '', $halgo);
|
|
| 715 |
$tmpealgo = "{$ealg_id}{$keylen}-{$halgo}";
|
|
| 716 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
|
| 717 |
if (!empty($modp)) |
|
| 718 |
$tmpealgo .= "-{$modp}";
|
|
| 719 |
$ealgoESPsp2arr[] = $tmpealgo; |
|
| 720 |
} |
|
| 721 |
} else {
|
|
| 722 |
$tmpealgo = "{$ealg_id}{$keylen}";
|
|
| 715 | 723 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
| 716 | 724 |
if (!empty($modp)) |
| 717 | 725 |
$tmpealgo .= "-{$modp}";
|
| ... | ... | |
| 720 | 728 |
} |
| 721 | 729 |
} |
| 722 | 730 |
} else {
|
| 723 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
|
|
| 724 |
$halgo = str_replace('hmac_', '', $halgo);
|
|
| 725 |
$tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}";
|
|
| 731 |
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
|
|
| 732 |
foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
|
|
| 733 |
$halgo = str_replace('hmac_', '', $halgo);
|
|
| 734 |
$tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}";
|
|
| 735 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
|
| 736 |
if (!empty($modp)) |
|
| 737 |
$tmpealgo .= "-{$modp}";
|
|
| 738 |
$ealgoESPsp2arr[] = $tmpealgo; |
|
| 739 |
} |
|
| 740 |
} else {
|
|
| 741 |
$tmpealgo = "{$ealg_id}{$ealg_kl}";
|
|
| 726 | 742 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
| 727 | 743 |
if (!empty($modp)) |
| 728 | 744 |
$tmpealgo .= "-{$modp}";
|
| ... | ... | |
| 732 | 748 |
} |
| 733 | 749 |
} |
| 734 | 750 |
} else if ($ph2ent['protocol'] == 'ah') {
|
| 735 |
if (is_array($ph2ent['hash-algorithm-option'])) {
|
|
| 751 |
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
|
|
| 736 | 752 |
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); |
| 737 | 753 |
foreach ($ph2ent['hash-algorithm-option'] as $tmpAHalgo) {
|
| 738 | 754 |
$tmpAHalgo = str_replace('hmac_', '', $tmpAHalgo);
|
| ... | ... | |
| 784 | 800 |
$ipsecconf .= "\t{$ealgosp1}\n";
|
| 785 | 801 |
if (!empty($ealgoAHsp2arr)) |
| 786 | 802 |
$ipsecconf .= "\tah = " . join(',', $ealgoAHsp2arr) . "!\n";
|
| 787 |
if (!empty($ealgoESPsp2arr)) |
|
| 803 |
if (!empty($ealgoESPsp2arr)) {
|
|
| 804 |
file_put_contents("/var/etc/ipsec/dump_test", print_r($ealgoESPsp2arr, true));
|
|
| 788 | 805 |
$ipsecconf .= "\tesp = " . join(',', $ealgoESPsp2arr) . "!\n";
|
| 806 |
} |
|
| 789 | 807 |
if (!empty($authentication)) |
| 790 | 808 |
$ipsecconf .= "\t{$authentication}\n";
|
| 791 | 809 |
if (!empty($peerid_spec)) |
Formats disponibles : Unified diff
Allow HASH algorithms to be empty for phase2 in case the encryption one is AES-GCM