Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs.

author: Chris Buechler <cmb@pfsense.org> 2015-03-12 00:09:28 -0500
committer: Chris Buechler <cmb@pfsense.org> 2015-03-12 00:09:28 -0500
commit: 74c749be3af256d3c7f4108fb9ce1077d6f71d3a (patch)
tree: d2d1c1b615222d385b8360e05e051d63041b7ff5
parent: 3d67c650ef00403d4402d3a905c91a78dd831c82 (diff)
download: pfsense-74c749be3af256d3c7f4108fb9ce1077d6f71d3a.zip
pfsense-74c749be3af256d3c7f4108fb9ce1077d6f71d3a.tar.gz
1 files changed, 9 insertions, 5 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index a611fff..24a3aef 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -190,12 +190,16 @@ function ipsec_get_phase1_src(& $ph1ent) {
 
 	if ($ph1ent['interface']) {
 		if (!is_ipaddr($ph1ent['interface'])) {
+                    if (strpos($ph1ent['interface'], '_vip')) {
+                        $if = $ph1ent['interface'];
+                    } else {
                         $if = get_failover_interface($ph1ent['interface']);
-			if ($ph1ent['protocol'] == "inet6") {
-				$interfaceip = get_interface_ipv6($if);
-			} else {
-				$interfaceip = get_interface_ip($if);
-			}
+                    }
+                    if ($ph1ent['protocol'] == "inet6") {
+			$interfaceip = get_interface_ipv6($if);
+                    } else {
+			$interfaceip = get_interface_ip($if);
+		    }
 		} else {
 			$interfaceip=$ph1ent['interface'];
 		}
author	Chris Buechler <cmb@pfsense.org>	2015-03-12 00:09:28 -0500
committer	Chris Buechler <cmb@pfsense.org>	2015-03-12 00:09:28 -0500
commit	74c749be3af256d3c7f4108fb9ce1077d6f71d3a (patch)
tree	d2d1c1b615222d385b8360e05e051d63041b7ff5
parent	3d67c650ef00403d4402d3a905c91a78dd831c82 (diff)
download	pfsense-74c749be3af256d3c7f4108fb9ce1077d6f71d3a.zip pfsense-74c749be3af256d3c7f4108fb9ce1077d6f71d3a.tar.gz