diff options
author | jim-p <jimp@pfsense.org> | 2012-01-31 14:04:29 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-01-31 14:04:29 -0500 |
commit | a11df336d4492c6846d6362a7fe88d0eefe36f11 (patch) | |
tree | a67dce15153b310dcb0447ecc161d1d7d9145f39 /etc/inc/vpn.inc | |
parent | a000752bf2e4e284ba73b0af262df4456b18574e (diff) | |
download | pfsense-a11df336d4492c6846d6362a7fe88d0eefe36f11.zip pfsense-a11df336d4492c6846d6362a7fe88d0eefe36f11.tar.gz |
Only do foreach on the p2's if it's actually an array.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 79 |
1 files changed, 39 insertions, 40 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 6279a79..f48059e 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -170,55 +170,54 @@ function vpn_ipsec_configure($ipchg = false) } $rgmap[$ph1ent['remote-gateway']] = $rg; - /* step through each phase2 entry */ - foreach ($a_phase2 as $ph2ent) { - - $ikeid = $ph2ent['ikeid']; + if (is_array($a_phase2)) { + /* step through each phase2 entry */ + foreach ($a_phase2 as $ph2ent) { + $ikeid = $ph2ent['ikeid']; - if (isset($ph2ent['disabled'])) - continue; + if (isset($ph2ent['disabled'])) + continue; - if ($ikeid != $ph1ent['ikeid']) - continue; + if ($ikeid != $ph1ent['ikeid']) + continue; - $ph2ent['localid']['mode'] = $ph2ent['mode']; - /* add an ipsec pinghosts entry */ - if ($ph2ent['pinghost']) { - $iflist = get_configured_interface_list(); - foreach ($iflist as $ifent => $ifname) { - if(is_ipaddrv6($ph2ent['pinghost'])) { - $interface_ip = get_interface_ipv6($ifent); - if(!is_ipaddrv6($interface_ip)) - continue; - $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); - if (ip_in_subnet($interface_ip, $local_subnet)) { - $srcip = $interface_ip; - break; + $ph2ent['localid']['mode'] = $ph2ent['mode']; + /* add an ipsec pinghosts entry */ + if ($ph2ent['pinghost']) { + $iflist = get_configured_interface_list(); + foreach ($iflist as $ifent => $ifname) { + if(is_ipaddrv6($ph2ent['pinghost'])) { + $interface_ip = get_interface_ipv6($ifent); + if(!is_ipaddrv6($interface_ip)) + continue; + $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); + if (ip_in_subnet($interface_ip, $local_subnet)) { + $srcip = $interface_ip; + break; + } + } else { + $interface_ip = get_interface_ip($ifent); + if(!is_ipaddrv4($interface_ip)) + continue; + $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); + if (ip_in_subnet($interface_ip, $local_subnet)) { + $srcip = $interface_ip; + break; + } } + } + $dstip = $ph2ent['pinghost']; + if(is_ipaddrv6($dstip)) { + $family = "inet6"; } else { - $interface_ip = get_interface_ip($ifent); - if(!is_ipaddrv4($interface_ip)) - continue; - $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); - if (ip_in_subnet($interface_ip, $local_subnet)) { - $srcip = $interface_ip; - break; - } + $family = "inet"; } + if (is_ipaddr($srcip)) + $ipsecpinghosts[] = "{$srcip}|{$dstip}|3|||||{$family}|\n"; } - $dstip = $ph2ent['pinghost']; - if(is_ipaddrv6($dstip)) { - $family = "inet6"; - } else { - $family = "inet"; - } - if (is_ipaddr($srcip)) - $ipsecpinghosts[] = "{$srcip}|{$dstip}|3|||||{$family}|\n"; - } + file_put_contents("{$g['vardb_path']}/ipsecpinghosts", $ipsecpinghosts); } - file_put_contents("{$g['vardb_path']}/ipsecpinghosts", $ipsecpinghosts); - } } |