diff options
author | Ermal <eri@pfsense.org> | 2012-10-05 19:05:52 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-05 19:05:52 +0000 |
commit | a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59 (patch) | |
tree | 8a2d12bda64595b3d30bc892795e3499ce8f60ff | |
parent | 72dd4f07472340248265fa17e51d07d74653dca3 (diff) | |
download | pfsense-a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59.zip pfsense-a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59.tar.gz |
config.xml might have some elusive data so do not fail sainfo section for localside if there is an empty nat address. Just do not put the nat side in there
-rw-r--r-- | etc/inc/vpn.inc | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a5e179a..418ec14 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -710,16 +710,14 @@ EOD; $localid_spec = "{$localid_type} {$localid_data} any"; if (!empty($ph2ent['natlocalid'])) { $natlocalid_spec = " nat "; - if ($ph2ent['natlocalid']['type'] != "address") - $natlocalid_spec .= "subnet "; - else - $natlocalid_spec .= "address "; $natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid']); - if (!is_ipaddr($natlocalid_data) && !is_subnet($natlocalid_data)) { - log_error("Invalid IPsec Phase 2(NAT) \"{$ph2ent['descr']}\" - {$ph2ent['natlocalid']['type']} has no subnet."); - continue; + if ($ph2ent['natlocalid']['type'] != "address") { + if (is_subnet($natlocalid_data)) + $localid_spec .= "subnet {$natlocalid_data} any"; + } else { + if (is_ipaddr($natlocalid_data)) + $localid_spec .= "address {$natlocalid_data} any"; } - $localid_spec .= "{$natlocalid_spec} {$natlocalid_data} any"; } } |