324 |
324 |
global $config;
|
325 |
325 |
|
326 |
326 |
if (!is_array($config['ipsec']))
|
327 |
|
return;
|
|
327 |
return false;
|
328 |
328 |
if (!is_array($config['ipsec']['phase1']))
|
329 |
|
return;
|
|
329 |
return false;
|
330 |
330 |
if (empty($config['ipsec']['phase1']))
|
331 |
|
return;
|
|
331 |
return false;
|
332 |
332 |
|
333 |
333 |
foreach ($config['ipsec']['phase1'] as $ph1tmp) {
|
334 |
334 |
if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) {
|
... | ... | |
343 |
343 |
/*
|
344 |
344 |
* Check phase1 communications status
|
345 |
345 |
*/
|
346 |
|
function ipsec_phase1_status(& $ph1ent) {
|
|
346 |
function ipsec_phase1_status($ipsec_status, $ikeid) {
|
347 |
347 |
|
348 |
|
$loc_ip = get_ipsec_tunnel_src($ph1ent);
|
349 |
|
$rmt_ip = $ph1ent['remote-gateway'];
|
350 |
|
|
351 |
|
if (ipsec_lookup_ipsakmp_sa($loc_ip,$rmt_ip))
|
352 |
|
return true;
|
|
348 |
foreach ($ipsec_status as $ike) {
|
|
349 |
if ($ike['peerconfig'] != "con{$ikeid}")
|
|
350 |
continue;
|
|
351 |
if ($ike['status'] == "established")
|
|
352 |
return true;
|
|
353 |
break;
|
|
354 |
}
|
353 |
355 |
|
354 |
356 |
return false;
|
355 |
357 |
}
|
... | ... | |
357 |
359 |
/*
|
358 |
360 |
* Check phase2 communications status
|
359 |
361 |
*/
|
360 |
|
function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
|
361 |
|
|
362 |
|
$loc_ip = ipsec_get_phase1_src($ph1ent);
|
363 |
|
$rmt_ip = ipsec_get_phase1_dst($ph1ent);
|
|
362 |
function ipsec_phase2_status($ipsec_status, &$phase2) {
|
364 |
363 |
|
365 |
|
$loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true,$ph2ent['mode']);
|
366 |
|
if (!empty($ph2ent['natlocalid']))
|
367 |
|
$natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true,$ph2ent['mode']);
|
368 |
|
$rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true,$ph2ent['mode']);
|
369 |
|
|
370 |
|
/* check for established SA in both directions */
|
371 |
|
if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) {
|
372 |
|
if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
|
373 |
|
return true;
|
374 |
|
else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id))
|
375 |
|
return true;
|
376 |
|
}
|
|
364 |
if (ipsec_lookup_phase1($ph2ent,$ph1ent))
|
|
365 |
return ipsec_phase1_status($ipsec_status, $ph1ent['ikeid']);
|
377 |
366 |
|
378 |
367 |
return false;
|
379 |
368 |
}
|
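Review bot: The new `ipsec_phase2_status($ipsec_status, &$phase2)` passes `$ph2ent` to `ipsec_lookup_phase1()`, but the parameter is now named `$phase2`, so `$ph2ent` is undefined inside the function. If the loop in the first hunk is that lookup's body (its signature lies outside the visible lines), it compares each phase 1 `ikeid` against an unset value with a loose `==`, so the status will most likely come back false for every tunnel, or match an entry whose `ikeid` is empty; the call should read `if (ipsec_lookup_phase1($phase2, $ph1ent))`. `$ph1ent` is also undefined on entry and is presumably filled by reference inside the lookup, which is worth confirming. Phase 2 status now only mirrors the IKE SA state returned by `ipsec_phase1_status()`, so a tunnel whose child SA never installed would still be reported as up; if `$ipsec_status` carries per-child state, it should be checked here so monitoring does not overstate what is protected.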
Correct the functions for returning tunnel status to use strongswan status reports