diff options
author | jim-p <jimp@pfsense.org> | 2012-08-27 14:38:45 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-08-27 14:38:45 -0400 |
commit | 116ba6653b103aed45ebc8a78fb644a3660b8fd6 (patch) | |
tree | 1842708c0431250979dfec030aa6aa8a74bff604 | |
parent | 53ac638bf11ce641d0f765f9e8e5fdfd15ad673f (diff) | |
download | pfsense-116ba6653b103aed45ebc8a78fb644a3660b8fd6.zip pfsense-116ba6653b103aed45ebc8a78fb644a3660b8fd6.tar.gz |
Restructure these IP/subnet tests so they don't break transport mode
-rw-r--r-- | etc/inc/vpn.inc | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 84c94cc..33002bf 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -650,7 +650,7 @@ EOD; $localid_type = "subnet"; } // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. - if (!is_subnet($localid_data)) { + if (!is_ipaddr($localid_data) && !is_subnet($localid_data)) { log_error("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet."); continue; } @@ -825,11 +825,10 @@ EOD; $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true); $remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); - // Error will be logged above, no need to log this twice. #2201 - if (!is_subnet($localid)) - continue; - if($ph2ent['mode'] == "tunnel") { + // Error will be logged above, no need to log this twice. #2201 + if (!is_subnet($localid)) + continue; $spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " . "{$ph2ent['protocol']}/tunnel/{$ep}-{$rgip}/unique;\n"; |