diff options
author | Seth Mos <seth.mos@xs4all.nl> | 2008-11-06 15:17:43 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2008-11-06 15:17:43 +0000 |
commit | ce97a47b60e47ed41e4a6bec424c9a0cb5e6cb8f (patch) | |
tree | d8967bda18f0d198a0729ddd094a529a2aeae572 /etc | |
parent | 73239086c292eb6019d3fe8d3dacbd9071414073 (diff) | |
download | pfsense-ce97a47b60e47ed41e4a6bec424c9a0cb5e6cb8f.zip pfsense-ce97a47b60e47ed41e4a6bec424c9a0cb5e6cb8f.tar.gz |
Lookup route table before attempting a delete
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index dc75a0e..5688fae 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -167,6 +167,10 @@ function vpn_ipsec_configure($ipchg = false) return 0; } + /* this loads a route table which is used to determine if a route needs to be removed. */ + exec("/sbin/netstat -rn", $route_arr, $retval); + $route_str = implode("\n", $route_arr); + /* resolve all local, peer addresses and setup pings */ $ipmap = array(); $rgmap = array(); @@ -768,13 +772,18 @@ EOD; if (! ip_in_subnet($rgip, "{$subnet_ip}/{$subnet_bits}")) { if(is_ipaddr($gatewayip)) { log_error("IPSEC interface is not WAN but {$parentinterface}, adding static route for VPN endpoint {$rgip} via {$gatewayip}"); - mwexec("/sbin/route delete -host {$rgip};/sbin/route add -host {$rgip} {$gatewayip}"); + mwexec("/sbin/route delete -host {$rgip}"); + mwexec("/sbin/route add -host {$rgip} {$gatewayip}"); } } } } else - mwexec("/sbin/route delete -host {$rgip}"); + { + if(preg_match("/{$rgip}/", $route_str)) { + mwexec("/sbin/route delete -host {$rgip}"); + } + } } fwrite($fd, $spdconf); |