author | Seth Mos <seth.mos@xs4all.nl> | 2008-06-06 14:10:19 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2008-06-06 14:10:19 +0000 |
commit | c65fc017bdc7ec7e4ce4ed39c3ae81f2eaf60f11 (patch) | |
tree | 374c8c9d72dac2dbf3df6dc431525cc79d4e564e /etc/inc | |
parent | 9528a92d85e139e39e1a67d934738818e2f72a37 (diff) | |
Correctly update static routes on change
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/vpn.inc | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index cfab602..482ce9c 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -243,17 +243,25 @@ function vpn_ipsec_configure($ipchg = false) {
 "{$tunnel['p2']['protocol']}/tunnel/{$tunnel['remote-gateway']}-" .
 "{$ep}/unique;\n";
- if($tunnel['interface'] <> "wan") {
- /* static route needed? */
- if(preg_match("/^carp/i", $tunnel['interface'])) {
- /* add endpoint routes to correct gateway on interface */
- $parentinterface = link_carp_interface_to_parent($tunnel['interface']);
+ /* static route needed? */
+ $parentinterface = link_carp_interface_to_parent($tunnel['interface']);
+ if($parentinterface <> "wan") {
+ /* add endpoint routes to correct gateway on interface */
+ if(interface_has_gateway($parentinterface)) {
 $gatewayip = get_interface_gateway("$parentinterface");
- if($gatewayip) {
- log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}");
- mwexec("/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}");
+ $interfaceip = $config['interfaces'][$parentinterface]['ipaddr'];
+ $subnet_bits = $config['interfaces'][$parentinterface]['subnet'];
+ $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}");
+ /* if the remote gateway is in the local subnet, then don't add a route */
+ if(! ip_in_subnet($tunnel['remote-gateway'], "{$subnet_ip}/{$subnet_bits}")) {
+ if(is_ipaddr($gatewayip)) {
+ log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}");
+ mwexec("/sbin/route delete -host {$tunnel['remote-gateway']};/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}");
+ }
 }
 }
+ } else {
+ mwexec("/sbin/route delete -host {$tunnel['remote-gateway']}");
 }
 }
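Review bot: The rebuilt mwexec() calls on the added lines still splice `$tunnel['remote-gateway']` and `$gatewayip` unquoted into a shell string, and the new form chains two commands with `;`, so any shell metacharacter in the configured remote gateway would be executed by the shell; only `$gatewayip` is validated with is_ipaddr(), the remote gateway is not. The value comes from the firewall's own config, so this is an admin-controlled path, but it should still be validated and quoted rather than trusted: `if(is_ipaddr($gatewayip) && is_ipaddr($tunnel['remote-gateway'])) {`, `mwexec("/sbin/route delete -host " . escapeshellarg($tunnel['remote-gateway']));`, `mwexec("/sbin/route add -host " . escapeshellarg($tunnel['remote-gateway']) . " " . escapeshellarg($gatewayip));`, with the same escapeshellarg() on the delete in the new else branch. Separately, the in-subnet test reads `ipaddr`/`subnet` from $config rather than the interface's live address, which presumably gives a wrong subnet when the parent interface is dynamically addressed — worth confirming against how interface_has_gateway() treats such interfaces. vpn_ipsec_configure() starts and ends outside this hunk.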