Révision dc63467f
Ajouté par Matt Smith il y a plus de 9 ans
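--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -219,27 +219,39 @@
 if ($ph2ent['pinghost']) {
 if (!is_array($iflist))
 $iflist = get_configured_interface_list();
-foreach ($iflist as $ifent => $ifname) {
-if(is_ipaddrv6($ph2ent['pinghost'])) {
+$viplist = get_configured_vips_list();
+$srcip = null;
+$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
+if(is_ipaddrv6($ph2ent['pinghost'])) {
+foreach ($iflist as $ifent => $ifname) {
 $interface_ip = get_interface_ipv6($ifent);
 if(!is_ipaddrv6($interface_ip))
 continue;
-$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
 if (ip_in_subnet($interface_ip, $local_subnet)) {
 $srcip = $interface_ip;
 break;
 }
-} else {
+}
+} else {
+foreach ($iflist as $ifent => $ifname) {
 $interface_ip = get_interface_ip($ifent);
 if(!is_ipaddrv4($interface_ip))
 continue;
-$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
 if ($local_subnet == "0.0.0.0/0" || ip_in_subnet($interface_ip, $local_subnet)) {
 $srcip = $interface_ip;
 break;
 }
 }
 }
+/* if no valid src IP was found in configured interfaces, try the vips */
+if (is_null($srcip)) {
+foreach ($viplist as $vip) {
+if (ip_in_subnet($vip['ipaddr'], $local_subnet)) {
+$srcip = $vip['ipaddr'];
+break;
+}
+}
+}
 $dstip = $ph2ent['pinghost'];
 if(is_ipaddrv6($dstip)) {
 $family = "inet6";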
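Review bot: The VIP fallback loop (new lines 247–254) accepts `$vip['ipaddr']` as the ping source without the address-family check that both interface loops apply via `is_ipaddrv6()` / `is_ipaddrv4()`, so it relies entirely on `ip_in_subnet()` rejecting a mixed-family or malformed pair. I would make the family match explicit at the top of the loop body, for example `if (is_ipaddrv6($vip['ipaddr']) != is_ipaddrv6($ph2ent['pinghost'])) continue;`. A source address that does not fall under the phase 2 policy would presumably send the keepalive outside the tunnel or make it fail silently, so an explicit check is worth the extra line. The enclosing `if ($ph2ent['pinghost'])` block opens at line 219 and continues past the end of this hunk, so how `$srcip` is used when it stays null is not visible here.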
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'