author | Seth Mos <seth.mos@xs4all.nl> | 2008-11-06 13:00:32 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2008-11-06 13:00:32 +0000 |
commit | 7d0e5565fe95cb8244c43a643aa5d33d64f348a6 (patch) | |
tree | 418f656b6dc08b88364a06e506b60b8c99c1ca8f /etc/inc | |
parent | ba1e757214cc8d378b4672db79053f3c1f52d8f4 (diff) | |
Lookup remote endpoint in routing table before attempting to delete route.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/vpn.inc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 775dee2..6371c56 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -173,6 +173,10 @@ function vpn_ipsec_configure($ipchg = false) {
 return 0;
 }
+ /* this loads a route table which is used to determine if a route needs to be removed. */
+ exec("/sbin/netstat -rn", $route_arr, $retval);
+ $route_str = implode("\n", $route_arr);
+
 if ((is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel'])) || isset($ipseccfg['mobileclients']['enable'])) {
@@ -260,12 +264,15 @@ function vpn_ipsec_configure($ipchg = false) {
 if(! ip_in_subnet($tunnel['remote-gateway'], "{$subnet_ip}/{$subnet_bits}")) {
 if(is_ipaddr($gatewayip)) {
 log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}");
- mwexec("/sbin/route delete -host {$tunnel['remote-gateway']};/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}");
+ mwexec("/sbin/route delete -host {$tunnel['remote-gateway']}");
+ mwexec("/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}");
 }
 }
 }
 } else {
- mwexec("/sbin/route delete -host {$tunnel['remote-gateway']}");
+ if(preg_match("/{$tunnel['remote-gateway']}/", $route_str)) {
+ mwexec("/sbin/route delete -host {$tunnel['remote-gateway']}");
+ }
 }
 } |
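Review bot: `$retval` from `exec("/sbin/netstat -rn", $route_arr, $retval)` is never checked, so if netstat fails `$route_str` is empty and the `preg_match` guard added in the second hunk skips every route delete without any trace in the log. A line such as `if($retval != 0) log_error("netstat -rn failed, cannot check existing routes");` right after the call would make that visible. The table is also read once near the top of vpn_ipsec_configure(), whose body continues outside this hunk, while the code in the second hunk adds and deletes host routes, so the snapshot may be stale by the time it is consulted; a comment saying the snapshot is deliberately taken once would help the next reader.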
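Review bot: In the `else` branch the gateway value is pasted into the pattern unescaped and unanchored, `preg_match("/{$tunnel['remote-gateway']}/", $route_str)`, so each `.` matches any character, `10.0.0.1` also matches a `10.0.0.10` entry, and a value containing `/` breaks the pattern so the delete is skipped. Quoting and anchoring fixes this: `preg_match('/^' . preg_quote($tunnel['remote-gateway'], '/') . '\s/m', $route_str)`. The same value is interpolated into the shell strings of the three new `mwexec()` calls, and only `$gatewayip` is checked with `is_ipaddr()` in the visible lines. Unless `remote-gateway` is validated outside this hunk, pass it through `escapeshellarg()` in each `/sbin/route` command. If the field may hold a hostname, the numeric `netstat -rn` output will never contain it and the stale route would be left in place, which is worth confirming against the caller.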