diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-03-12 00:09:28 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-03-12 00:09:28 -0500 |
commit | 74c749be3af256d3c7f4108fb9ce1077d6f71d3a (patch) | |
tree | d2d1c1b615222d385b8360e05e051d63041b7ff5 | |
parent | 3d67c650ef00403d4402d3a905c91a78dd831c82 (diff) | |
download | pfsense-74c749be3af256d3c7f4108fb9ce1077d6f71d3a.zip pfsense-74c749be3af256d3c7f4108fb9ce1077d6f71d3a.tar.gz |
Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs.
-rw-r--r-- | etc/inc/ipsec.inc | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index a611fff..24a3aef 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -190,12 +190,16 @@ function ipsec_get_phase1_src(& $ph1ent) { if ($ph1ent['interface']) { if (!is_ipaddr($ph1ent['interface'])) { + if (strpos($ph1ent['interface'], '_vip')) { + $if = $ph1ent['interface']; + } else { $if = get_failover_interface($ph1ent['interface']); - if ($ph1ent['protocol'] == "inet6") { - $interfaceip = get_interface_ipv6($if); - } else { - $interfaceip = get_interface_ip($if); - } + } + if ($ph1ent['protocol'] == "inet6") { + $interfaceip = get_interface_ipv6($if); + } else { + $interfaceip = get_interface_ip($if); + } } else { $interfaceip=$ph1ent['interface']; } |