Projet

Général

Profil

« Précédent | Suivant » 

Révision dc63467f

Ajouté par Matt Smith il y a plus de 9 ans

Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'

Voir les différences:

etc/inc/vpn.inc
219 219 
						if ($ph2ent['pinghost']) {
220 220 
							if (!is_array($iflist))
221 221 
								$iflist = get_configured_interface_list();
222 
							foreach ($iflist as $ifent => $ifname) {
223 
								if(is_ipaddrv6($ph2ent['pinghost'])) {
222 
							$viplist = get_configured_vips_list();
223 
							$srcip = null;
224 
							$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
225 
							if(is_ipaddrv6($ph2ent['pinghost'])) {
226 
								foreach ($iflist as $ifent => $ifname) {
224 227 
									$interface_ip = get_interface_ipv6($ifent);
225 228 
									if(!is_ipaddrv6($interface_ip))
226 229 
										continue;
227 
									$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
228 230 
									if (ip_in_subnet($interface_ip, $local_subnet)) {
229 231 
										$srcip = $interface_ip;
230 232 
										break;
231 233 
									}
232 
								} else {
234 
								}
235 
							} else {
236 
								foreach ($iflist as $ifent => $ifname) {
233 237 
									$interface_ip = get_interface_ip($ifent);
234 238 
									if(!is_ipaddrv4($interface_ip))
235 239 
										continue;
236 
									$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
237 240 
									if ($local_subnet == "0.0.0.0/0" || ip_in_subnet($interface_ip, $local_subnet)) {
238 241 
										$srcip = $interface_ip;
239 242 
										break;
240 243 
									}
241 244 
								}
242 245 
							}
246 
							/* if no valid src IP was found in configured interfaces, try the vips */
247 
							if (is_null($srcip)) {
248 
								foreach ($viplist as $vip) {
249 
									if (ip_in_subnet($vip['ipaddr'], $local_subnet)) {
250 
										$srcip = $vip['ipaddr'];
251 
										break;
252 
									}
253 
								}
254 
							}
243 255 
							$dstip = $ph2ent['pinghost'];
244 256 
							if(is_ipaddrv6($dstip)) {
245 257 
								$family = "inet6";

Formats disponibles : Unified diff