authorErmal <eri@pfsense.org>2014-03-12 18:42:43 +0000
committerErmal <eri@pfsense.org>2014-03-12 18:42:43 +0000
commit3eeac2568777d737036fec8b476ce9ff6bad0f21 (patch)
tree83401d4df8daee697a213f1bef3a6c6cc7424cf2
parent72a8c829fd5bacea4b93f4d511e34a7d5661ce97 (diff)
Generate nat rules for ipsec when needed
-rw-r--r--etc/inc/vpn.inc11
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 0e5079c..760f41f 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -506,6 +506,7 @@ EOD;
chmod("{$g['varetc_path']}/ipsec/ipsec.secrets", 0600);
unset($pskconf);
+ $natfilterrules = false;
/* begin ipsec.conf */
$ipsecconf = "";
if ((is_array($a_phase1) && count($a_phase1)) || (is_array($a_phase2) && count($a_phase2))) {
@@ -675,16 +676,16 @@ EOD;
continue;
}
$localid_spec = $ep;
- /* XXX: To be finished */
- if (0 && !empty($ph2ent['natlocalid'])) {
+ if (!empty($ph2ent['natlocalid'])) {
$natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid'], false, $ph2ent['mode']);
if ($ph2ent['natlocalid']['type'] != "address") {
if (is_subnet($natlocalid_data))
- $localid_spec .= " nat subnet {$natlocalid_data} any";
+ $localid_data = "{$natlocalid_data}|{$localid_data}";
} else {
if (is_ipaddr($natlocalid_data))
- $localid_spec .= " nat address {$natlocalid_data} any";
+ $localid_data = "{$natlocalid_data}|{$localid_data}";
}
+ $natfilterrules = true;
}
}
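Review bot: `$natfilterrules = true;` at the end of the `natlocalid` block is reached even when `is_subnet()` or `is_ipaddr()` rejected `$natlocalid_data`, so a malformed NAT/BINAT entry is dropped without any trace while the flag still reports that NAT rules are needed. The phase 2 entry then keeps the untranslated `$localid_data`, which is presumably not what the operator configured and is hard to spot in the generated config. I would set the flag only in the branches that accept the value, e.g. `if (is_subnet($natlocalid_data)) { $localid_data = "{$natlocalid_data}|{$localid_data}"; $natfilterrules = true; }` and likewise for the `is_ipaddr()` branch, and log the rejected value otherwise. `$localid_data` is assigned outside this hunk and the enclosing loop starts and ends outside it, so how the `|`-joined value is consumed cannot be checked from here.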
@@ -836,8 +837,6 @@ EOD;
unset($ipsecconf);
/* end ipsec.conf */
- /* generate IPsec policies */
- $natfilterrules = false;
/* mange process */
if (isvalidpid("{$g['varrun_path']}/charon.pid")) {
/* Read secrets */