mirrors/pfsense
2
0
Fork 0
mirror of https://github.com/pfsense/pfsense.git synced 2025-10-26 11:38:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't enable interfaces_use by default. Add checkbox to enable on Advanced

Browse Source 
tab, in case there are scenarios where it's desirable. Ticket #4341
This commit is contained in:
Chris Buechler 2015-03-10 17:17:10 -05:00
parent 30ea15dc63
commit 24acc8f466
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/inc/vpn.inc
View File

@ -342,8 +342,12 @@ function vpn_ipsec_configure($restart = false)
$unity_enabled = 'no';
}
if (!empty($ifacesuse)) {
$ifacesuse = 'interfaces_use = ' . implode(',', array_unique($ifacesuse));
if (isset($config['ipsec']['enableinterfacesuse'])) {
if (!empty($ifacesuse)) {
$ifacesuse = 'interfaces_use = ' . implode(',', array_unique($ifacesuse));
} else {
$ifacesuse = '';
}
} else {
$ifacesuse = '';
}

19
usr/local/www/vpn_ipsec_settings.php
View File

@ -47,6 +47,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) {
}
$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
$pconfig['compression'] = isset($config['ipsec']['compression']);
$pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']);
$pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']);
$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']);
$pconfig['maxmss'] = $config['system']['maxmss'];
@ -134,6 +135,15 @@ if ($_POST) {
$needsrestart = true;
unset($config['ipsec']['compression']);
}
if($_POST['enableinterfacesuse'] == "yes") {
if (!isset($config['ipsec']['enableinterfacesuse']))
$needsrestart = true;
$config['ipsec']['enableinterfacesuse'] = true;
} elseif (isset($config['ipsec']['enableinterfacesuse'])) {
$needsrestart = true;
unset($config['ipsec']['enableinterfacesuse']);
}
if($_POST['unityplugin'] == "yes") {
if (!isset($config['ipsec']['unityplugin']))
@ -295,6 +305,15 @@ function maxmss_checked(obj) {
<?=gettext("IPComp compression of content is proposed on the connection."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Strict interface binding"); ?></td>
<td width="78%" class="vtable">
<input name="enableinterfacesuse" type="checkbox" id="enableinterfacesuse" value="yes" <?php if ($pconfig['enableinterfacesuse']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Enable strict interface binding"); ?></strong>
<br />
<?=gettext("Enable strongSwan's interfaces_use option to bind specific interfaces only. This option is known to break IPsec with dynamic IP interfaces. This is not recommended at this time."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Unencrypted payloads in IKEv1 Main Mode"); ?></td>
<td width="78%" class="vtable">