diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-10-13 20:49:48 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-10-13 20:49:48 +0000 |
| commit | ab80b66f23ff273cb5a574893ae428ef8422a6a9 (patch) | |
| tree | 2b9e56398259e55f030df55dfb1c084b9a13293b /etc/inc | |
| parent | 5b7eb87cad7372cbae9e790cada05f274ab68744 (diff) | |
| download | pfsense-ab80b66f23ff273cb5a574893ae428ef8422a6a9.zip pfsense-ab80b66f23ff273cb5a574893ae428ef8422a6a9.tar.gz | |
Add NATT support. Currently this option is disabled. To enable simply set the <developer/> tag inside <system> in config.xml
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/vpn.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ddf30ca..2c2381c 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -238,11 +238,17 @@ function vpn_ipsec_configure($ipchg = false) { foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { if($sasyncd['ip'] <> "") $curwanip = $sasyncd['ip']; - + /* natt - turn on if <developer/> exists */ + if(isset($config['system']['developer'] <> "") { + $lanip = $config['interfaces']['lan']['ipaddr']; + if($lanip <> "") + $natt = "isakmp_natt {$lanip}[4500];\n"; + } $interface_ip = $sasyncd['ip']; $racoonconf .= <<<EOD listen { isakmp {$interface_ip} [500]; + {$natt} } EOD; |
