diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2006-09-21 02:11:14 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-09-21 02:11:14 +0000 |
commit | d87e27e0ec2f3180471977e05363c1b61883418a (patch) | |
tree | 1e3f4fb88759da278eb6d2313df54e273cbf3d04 /etc/inc/filter.inc | |
parent | 51fb86f5506b5ab648d10d96cf942c12607bfd83 (diff) | |
download | pfsense-d87e27e0ec2f3180471977e05363c1b61883418a.zip pfsense-d87e27e0ec2f3180471977e05363c1b61883418a.tar.gz |
When a failover ipsec ip address is defined, use it as the ip address endpoint for ipsec.
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 04b574b..ba638c8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2420,6 +2420,12 @@ EOD; $interface_ip = find_interface_ip(get_real_wan_interface()); else $interface_ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($iface)); + /* if failover ip is set, use it */ + if(isset($config['installedpackages']['sasyncd'])) + if ($config['installedpackages']['sasyncd']['config'] <> "") + foreach ($config['installedpackages']['sasyncd']['config'] as $sasyncd) + if ($sasyncd['ip'] <> "") + $interface_ip = $sasyncd['ip']; $ipfrules .= "pass out quick on \${$iface} proto udp from {$interface_ip} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to $interface_ip port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; if ($tunnel['p2']['protocol'] == 'esp') { @@ -2833,4 +2839,4 @@ function return_vpn_subnet($adr) { } -?> +?>
\ No newline at end of file |