diff options
author | jim-p <jimp@pfsense.org> | 2011-06-03 14:53:07 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-03 14:53:07 -0400 |
commit | bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (patch) | |
tree | 78723c2619ae9f7eee83cf0db5cde63cb5522770 /etc | |
parent | c8ff68a457782dd159e8c5c1ab73e30cfe243381 (diff) | |
download | pfsense-bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95.zip pfsense-bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95.tar.gz |
If a mode_cfg subnet is defined for IPsec, also add it to outbound NAT.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e5e173c..0988093 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1384,6 +1384,12 @@ function filter_nat_rules_generate() { } } } + /* IPsec mode_cfg subnet */ + if (isset($config['ipsec']['client']['enable']) && + !empty($config['ipsec']['client']['pool_address']) && + !empty($config['ipsec']['client']['pool_netbits'])) { + $tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} "; + } $natrules .= "\n# Subnets to NAT \n"; $tonathosts .= "127.0.0.0/8 "; if($numberofnathosts > 4) { |