diff options
| author | Ermal <eri@pfsense.org> | 2010-08-10 14:40:56 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2010-08-10 14:40:56 +0000 |
| commit | 6c74ac2363176cf4492b2331130998fc4c140048 (patch) | |
| tree | aa3e92fac439362673fb06edff9caa3d5a0ae671 /etc/inc | |
| parent | c9fa825423373b9616ab59e816c4c7b7e7d04e7b (diff) | |
| download | pfsense-6c74ac2363176cf4492b2331130998fc4c140048.zip pfsense-6c74ac2363176cf4492b2331130998fc4c140048.tar.gz | |
Resolves #815. Do not add protection rules if lan interface has no ip.
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/vpn.inc | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 1933e9f..6efec52 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -96,9 +96,6 @@ function vpn_ipsec_configure($ipchg = false) $a_phase1 = $config['ipsec']['phase1']; $a_phase2 = $config['ipsec']['phase2']; $a_client = $config['ipsec']['client']; - $lanip = get_interface_ip("lan"); - $lansn = get_interface_subnet("lan"); - $lansa = gen_subnet($lanip, $lansn); if (!isset($ipseccfg['enable'])) { mwexec("/sbin/ifconfig enc0 down"); @@ -755,8 +752,13 @@ EOD; /* Try to prevent people from locking themselves out of webgui. Just in case. */ if ($config['interfaces']['lan']) { - $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; - $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; + $lanip = get_interface_ip("lan"); + if (!empty($lanip) && is_ipaddr($lanip)) { + $lansn = get_interface_subnet("lan"); + $lansa = gen_subnet($lanip, $lansn); + $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; + $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; + } } foreach ($a_phase2 as $ph2ent) { |
