authorjim-p <jimp@pfsense.org>2012-08-27 14:38:45 -0400
committerjim-p <jimp@pfsense.org>2012-08-27 14:38:45 -0400
commit116ba6653b103aed45ebc8a78fb644a3660b8fd6 (patch)
tree1842708c0431250979dfec030aa6aa8a74bff604
parent53ac638bf11ce641d0f765f9e8e5fdfd15ad673f (diff)
Restructure these IP/subnet tests so they don't break transport mode
-rw-r--r--etc/inc/vpn.inc9
1 files changed, 4 insertions, 5 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 84c94cc..33002bf 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -650,7 +650,7 @@ EOD;
$localid_type = "subnet";
}
// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
- if (!is_subnet($localid_data)) {
+ if (!is_ipaddr($localid_data) && !is_subnet($localid_data)) {
log_error("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet.");
continue;
}
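Review bot: The relaxed test `if (!is_ipaddr($localid_data) && !is_subnet($localid_data))` accepts either form without regard to `$localid_type`, so a value typed "subnet" that holds only a bare address would now pass into racoon.conf, which is the parse-error case the comment above the test is meant to stop. Whether such a value can occur depends on code above the hunk. Checking against the declared type keeps the gate strict, e.g. `$ok = ($localid_type == "subnet") ? is_subnet($localid_data) : is_ipaddr($localid_data);` followed by `if (!$ok) {`. The log text still says "has no subnet", which is misleading when an address is rejected; `has no valid address or subnet` would match the new condition. The enclosing loop starts and ends outside the hunk.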
@@ -825,11 +825,10 @@ EOD;
$localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
$remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
- // Error will be logged above, no need to log this twice. #2201
- if (!is_subnet($localid))
- continue;
-
if($ph2ent['mode'] == "tunnel") {
+ // Error will be logged above, no need to log this twice. #2201
+ if (!is_subnet($localid))
+ continue;
$spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " .
"{$ph2ent['protocol']}/tunnel/{$ep}-{$rgip}/unique;\n";
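Review bot: The moved comment `// Error will be logged above, no need to log this twice. #2201` no longer holds in every case, because the earlier test in this commit now lets a bare address through without logging. If `$localid` is then not a subnet here, the tunnel-mode `spdadd` line is skipped silently and the phase 2 presumably ends up with no policy entry; `ipsec_idinfo_to_cidr(..., true)` may always append a mask, but that is not visible in this hunk. A skipped policy deserves its own log line, e.g. `log_error("IPsec Phase 2 \"{$ph2ent['descr']}\": no SPD entry written, local network is not a subnet.");` before `continue;`, with braces added to the `if`. `$remoteid` is also interpolated into the same `spdadd` line with no check at all; `if (!is_subnet($localid) || !is_subnet($remoteid))` would keep a malformed value out of the generated policy. The `if` body and the non-tunnel branch continue outside the hunk.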