authorSeth Mos <seth.mos@xs4all.nl>2008-06-06 14:09:02 +0000
committerSeth Mos <seth.mos@xs4all.nl>2008-06-06 14:09:02 +0000
commitaad50aec8a75f5b751a0ed27a3ce3dd3f7283399 (patch)
treef65c4578026c5e5345a4bbdb9a306b7bb4566b4a /etc/inc/vpn.inc
parentc9dacd88c59d9cec1eea4ccbd8d81a8e380719a4 (diff)
Correctly update static routes on change
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r--etc/inc/vpn.inc25
1 files changed, 16 insertions, 9 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 16a405b..95f1918 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -265,18 +265,25 @@ function vpn_ipsec_configure($ipchg = false) {
"{$tunnel['p2']['protocol']}/tunnel/{$rgip}-" .
"{$ep}/unique;\n";
- if($tunnel['interface'] <> "wan") {
- /* static route needed? */
- if(preg_match("/^carp/i", $tunnel['interface'])) {
- /* add endpoint routes to correct gateway on interface */
- $parentinterface = link_carp_interface_to_parent($tunnel['interface']);
+ /* static route needed? */
+ $parentinterface = link_carp_interface_to_parent($tunnel['interface']);
+ if($parentinterface <> "wan") {
+ /* add endpoint routes to correct gateway on interface */
+ if(interface_has_gateway($parentinterface)) {
$gatewayip = get_interface_gateway("$parentinterface");
- if($gatewayip) {
- log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static
-route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}");
- mwexec("/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}");
+ $interfaceip = $config['interfaces'][$parentinterface]['ipaddr'];
+ $subnet_bits = $config['interfaces'][$parentinterface]['subnet'];
+ $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}");
+ /* if the remote gateway is in the local subnet, then don't add a route */
+ if(! ip_in_subnet($tunnel['remote-gateway'], "{$subnet_ip}/{$subnet_bits}")) {
+ if(is_ipaddr($gatewayip)) {
+ log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}");
+ mwexec("/sbin/route delete -host {$tunnel['remote-gateway']};/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}");
+ }
}
}
+ } else {
+ mwexec("/sbin/route delete -host {$tunnel['remote-gateway']}");
}
}
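Review bot: `$tunnel['remote-gateway']` is interpolated unquoted into the shell strings passed to `mwexec()` on the added `route delete`/`route add` line and again in the new `else` branch, while the only value this hunk validates is `$gatewayip`, via `is_ipaddr()`. If the stored value can ever be something other than an IP address (save-time validation is not visible here), any shell metacharacters in it would be interpreted by the shell. I would bind it once with `$rgw = escapeshellarg($tunnel['remote-gateway']);` and use `{$rgw}` in all three commands, or gate both branches on `is_ipaddr($tunnel['remote-gateway'])`. The `else` branch also deletes the host route unconditionally when the parent interface is WAN, which would remove a host route for that endpoint that was created elsewhere; a comment stating that this is intended would help. The body of `vpn_ipsec_configure` starts and ends outside the hunk.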