From: Michael Tremer Date: Tue, 7 Jan 2014 16:00:30 +0000 (+0100) Subject: IPsec: Allow to disable DPD. X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=afd5d8f76e725ac910c238e94f2282f78bce5da7 IPsec: Allow to disable DPD. --- diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 43d574ce5..83d2414b4 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -385,18 +385,27 @@ sub writeipsecfiles { print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on'); # Dead Peer Detection - print CONF "\tdpdaction=$lconfighash{$key}[27]\n"; - - my $dpddelay = $lconfighash{$key}[30]; - if (!$dpddelay) { - $dpddelay = 30; - } - print CONF "\tdpddelay=$dpddelay\n"; - my $dpdtimeout = $lconfighash{$key}[31]; - if (!$dpdtimeout) { - $dpdtimeout = 120; + my $dpdaction = $lconfighash{$key}[27]; + print CONF "\tdpdaction=$dpdaction\n"; + + # If the dead peer detection is disabled and IKEv2 is used, + # dpddelay must be set to zero, too. + if ($dpdaction eq "none") { + if ($lconfighash{$key}[29] eq "ikev2") { + print CONF "\tdpddelay=0\n"; + } + } else { + my $dpddelay = $lconfighash{$key}[30]; + if (!$dpddelay) { + $dpddelay = 30; + } + print CONF "\tdpddelay=$dpddelay\n"; + my $dpdtimeout = $lconfighash{$key}[31]; + if (!$dpdtimeout) { + $dpdtimeout = 120; + } + print CONF "\tdpdtimeout=$dpdtimeout\n"; } - print CONF "\tdpdtimeout=$dpdtimeout\n"; # Build Authentication details: LEFTid RIGHTid : PSK psk my $psk_line; @@ -1845,9 +1854,9 @@ END # choose appropriate dpd action if ($cgiparams{'TYPE'} eq 'host') { - $cgiparams{'DPD_ACTION'} = 'clear'; + $cgiparams{'DPD_ACTION'} = 'clear'; } else { - $cgiparams{'DPD_ACTION'} = 'restart'; + $cgiparams{'DPD_ACTION'} = 'restart'; } if (!$cgiparams{'DPD_DELAY'}) { @@ -2229,6 +2238,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'}; $confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'}; + $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'}; $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'}; $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'}; &General::writehasharray("${General::swroot}/vpn/config", \%confighash); @@ -2251,6 +2261,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; + $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; @@ -2326,6 +2337,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $selected{'DPD_ACTION'}{'clear'} = ''; $selected{'DPD_ACTION'}{'hold'} = ''; $selected{'DPD_ACTION'}{'restart'} = ''; + $selected{'DPD_ACTION'}{'none'} = ''; $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; &Header::showhttpheaders(); @@ -2458,6 +2470,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $Lang::tr{'dpd action'}: