summaryrefslogtreecommitdiffstats
path: root/etc/inc/vpn.inc
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2012-10-05 19:05:52 +0000
committerErmal <eri@pfsense.org>2012-10-05 19:05:52 +0000
commita0c4a6ced5c1ad64eb7b738e4ee55220654cdd59 (patch)
tree8a2d12bda64595b3d30bc892795e3499ce8f60ff /etc/inc/vpn.inc
parent72dd4f07472340248265fa17e51d07d74653dca3 (diff)
downloadpfsense-a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59.zip
pfsense-a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59.tar.gz
config.xml might have some elusive data so do not fail sainfo section for localside if there is an empty nat address. Just do not put the nat side in there
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r--etc/inc/vpn.inc14
1 files changed, 6 insertions, 8 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index a5e179a..418ec14 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -710,16 +710,14 @@ EOD;
$localid_spec = "{$localid_type} {$localid_data} any";
if (!empty($ph2ent['natlocalid'])) {
$natlocalid_spec = " nat ";
- if ($ph2ent['natlocalid']['type'] != "address")
- $natlocalid_spec .= "subnet ";
- else
- $natlocalid_spec .= "address ";
$natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid']);
- if (!is_ipaddr($natlocalid_data) && !is_subnet($natlocalid_data)) {
- log_error("Invalid IPsec Phase 2(NAT) \"{$ph2ent['descr']}\" - {$ph2ent['natlocalid']['type']} has no subnet.");
- continue;
+ if ($ph2ent['natlocalid']['type'] != "address") {
+ if (is_subnet($natlocalid_data))
+ $localid_spec .= "subnet {$natlocalid_data} any";
+ } else {
+ if (is_ipaddr($natlocalid_data))
+ $localid_spec .= "address {$natlocalid_data} any";
}
- $localid_spec .= "{$natlocalid_spec} {$natlocalid_data} any";
}
}
OpenPOWER on IntegriCloud