author | Ermal <eri@pfsense.org> | 2014-11-01 23:41:38 +0100 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-11-01 23:41:38 +0100 |
commit | 8cb7d3e38698125855be263f3416cc12a1c5d8d9 (patch) | |
tree | a51f99e01dd72a52a8c71fc208386f5468255478 | |
parent | 6af857182b4b3ba22baa2d22d3d9f9d441398cc5 (diff) | |
Properly configure NAT Traversal setting.
-rw-r--r-- | etc/inc/vpn.inc | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 0bfb929..1e181c1 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -628,6 +628,11 @@ EOD; else $rekey = "rekey = yes"; + if ($ph1ent['nat_traversal'] != 'off') + $forceencaps = "forceencaps = yes"; + else + $forceencaps = "forceencaps = no"; + $ipseclifetime = 0; $rightsubnet_spec = array(); $leftsubnet_spec = array(); @@ -779,16 +784,18 @@ EOD; if ($ipseclifetime == 0 || intval($ipseclifetime) > intval($ph2ent['lifetime'])) $ipseclifetime = intval($ph2ent['lifetime']); } + } } - $ipsecconf .=<<<EOD + $ipsecconf .=<<<EOD conn con{$ph1ent['ikeid']} aggressive = {$aggressive} fragmentation = yes keyexchange = {$keyexchange} {$reauth} + {$forceencaps} {$rekey} reqid = {$ikeid} installpolicy = yes 
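Review bot: The added test `if ($ph1ent['nat_traversal'] != 'off')` in the first hunk writes `forceencaps = yes` for every stored value other than 'off', including a phase 1 entry where the key is absent, so tunnels saved before the option existed would silently switch to forced UDP encapsulation. In strongSwan, `forceencaps = yes` encapsulates ESP in UDP even when no NAT is detected, and ordinary NAT-T detection does not need it. If the GUI stores an "enable/auto" value as well as a "force" value (the allowed values are not visible in this diff), only the force value should map to `yes`, for example `if (isset($ph1ent['nat_traversal']) && $ph1ent['nat_traversal'] == 'force')`. I would also add a one-line comment above the test, such as `/* forceencaps forces UDP encapsulation of ESP even without NAT; plain NAT-T needs no setting */`, because the value is interpolated into the `conn` block in the second hunk. The enclosing function starts and ends outside these hunks.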
@@ -801,26 +808,26 @@ conn con{$ph1ent['ikeid']} EOD; - if (!empty($ikelifeline)) - $ipsecconf .= "\t{$ikelifeline}\n"; - if ($ipseclifetime > 0) - $ipsecconf .= "\tlifetime = {$ipseclifetime}s\n"; - if (!empty($rightsourceip)) - $ipsecconf .= "{$rightsourceip}"; - if (!empty($rightsubnet_spec)) - $ipsecconf .= "\trightsubnet = " . join(",", $rightsubnet_spec) . "\n"; - if (!empty($leftsubnet_spec)) - $ipsecconf .= "\tleftsubnet = " . join(",", $leftsubnet_spec) . "\n"; - if (!empty($ealgosp1)) - $ipsecconf .= "\t{$ealgosp1}\n"; - if (!empty($ealgoAHsp2arr)) - $ipsecconf .= "\tah = " . join(',', $ealgoAHsp2arr) . "!\n"; - if (!empty($ealgoESPsp2arr)) - $ipsecconf .= "\tesp = " . join(',', $ealgoESPsp2arr) . "!\n"; - if (!empty($authentication)) - $ipsecconf .= "\t{$authentication}\n"; - if (!empty($peerid_spec)) - $ipsecconf .= "\trightid = {$peerid_spec}\n"; + if (!empty($ikelifeline)) + $ipsecconf .= "\t{$ikelifeline}\n"; + if ($ipseclifetime > 0) + $ipsecconf .= "\tlifetime = {$ipseclifetime}s\n"; + if (!empty($rightsourceip)) + $ipsecconf .= "{$rightsourceip}"; + if (!empty($rightsubnet_spec)) + $ipsecconf .= "\trightsubnet = " . join(",", $rightsubnet_spec) . "\n"; + if (!empty($leftsubnet_spec)) + $ipsecconf .= "\tleftsubnet = " . join(",", $leftsubnet_spec) . "\n"; + if (!empty($ealgosp1)) + $ipsecconf .= "\t{$ealgosp1}\n"; + if (!empty($ealgoAHsp2arr)) + $ipsecconf .= "\tah = " . join(',', $ealgoAHsp2arr) . "!\n"; + if (!empty($ealgoESPsp2arr)) + $ipsecconf .= "\tesp = " . join(',', $ealgoESPsp2arr) . "!\n"; + if (!empty($authentication)) + $ipsecconf .= "\t{$authentication}\n"; + if (!empty($peerid_spec)) + $ipsecconf .= "\trightid = {$peerid_spec}\n"; } } } |