authorMatthew Grooms <mgrooms@pfsense.org>2008-08-02 02:04:05 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-08-02 02:04:05 +0000
commit0af7398aabc8d2ae09bc46c89067cfcddb706aab (patch)
tree041ee7d02404699a83d5fa734c84ddb0b0a55c99 /etc
parent5878ca478dd08bdc6e0ea23f49131595fd71af04 (diff)
Remove the vpn_endpoint_determine function. It did not work properly when
CARP devices were in use. Use the newer ipsec_get_phase1_src instead.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc7
-rw-r--r--etc/inc/ipsec.inc3
-rw-r--r--etc/inc/vpn.inc37
3 files changed, 9 insertions, 38 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 2b57578..bde090b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2513,11 +2513,8 @@ EOD;
/* determine local and remote peer addresses */
if (!isset($ph1ent['mobile'])) {
- $rgip = $ph1ent['remote-gateway'];
- if(!is_ipaddr($rgip))
- $rgip = resolve_retry($rgip);
-
- if (!is_ipaddr($rgip)) {
+ $rgip = ipsec_get_phase1_dst($ph1ent);
+ if (!$rgip) {
$ipfrules .= "# ERROR! Unable to determine remote IPsec peer address for {$ph1ent['remote-gateway']}\n";
continue;
}
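Review bot: The new guard `if (!$rgip)` tests only truthiness, whereas the removed code re-checked `is_ipaddr($rgip)` after resolution. Whether a non-address string can reach the generated filter rules now depends on what `ipsec_get_phase1_dst()` and `resolve_retry()` return on failure, which is not visible in this hunk. Keeping the stricter check, `if (!is_ipaddr($rgip)) {`, keeps the rule generator safe regardless of the helper's failure value. The same truthiness-only test appears in the etc/inc/vpn.inc hunk at -194 (`if (!$rg)` after `resolve_retry($rg)`). The enclosing loop starts and ends outside the hunk.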
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index e5cd46d..76ea0f8 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -112,6 +112,9 @@ function ipsec_get_phase1_dst(& $ph1ent) {
if (!is_ipaddr($rg))
return resolve_retry($rg);
+ if(!is_ipaddr($rg))
+ return false;
+
return $rg;
}
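Review bot: The added `if(!is_ipaddr($rg)) return false;` can never run, because the identical condition two lines above already returns `resolve_retry($rg)`, so the resolver's result still reaches callers unvalidated. If the intent is to reject a failed lookup, assign first and then check: `if (!is_ipaddr($rg)) $rg = resolve_retry($rg);` followed by `if (!is_ipaddr($rg)) return false;`. A short comment such as `/* returns the peer address, or false when it cannot be resolved */` would document the contract that the filter.inc caller relies on. The function's opening lines are outside the hunk.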
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 19b6932..a8b6e56 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -176,7 +176,7 @@ function vpn_ipsec_configure($ipchg = false)
if (isset($ph1ent['disabled']))
continue;
- $ep = vpn_endpoint_determine($ph1ent, $curwanip);
+ $ep = ipsec_get_phase1_src($ph1ent);
if (!$ep)
continue;
@@ -194,8 +194,7 @@ function vpn_ipsec_configure($ipchg = false)
if (!is_ipaddr($rg)) {
$dnswatch_list[] = $rg;
$rg = resolve_retry($rg);
-
- if (!$rgip)
+ if (!$rg)
continue;
}
@@ -408,7 +407,7 @@ function vpn_ipsec_configure($ipchg = false)
$ikeid = $ph1ent['ikeid'];
- $ep = vpn_endpoint_determine($ph1ent, $curwanip);
+ $ep = ipsec_get_phase1_src($ph1ent);
if (!$ep)
continue;
@@ -723,7 +722,7 @@ EOD;
if (isset($ph2ent['disabled']))
continue;
- $ep = vpn_endpoint_determine($ph1ent, $curwanip);
+ $ep = ipsec_get_phase1_src($ph1ent);
if (!$ep)
continue;
@@ -863,34 +862,6 @@ function vpn_localnet_determine($adr, & $sa, & $sn) {
}
}
-/* XXX: is there a need for this get_current_wan_address() does already this?! */
-function vpn_endpoint_determine($ph1ent, $curwanip) {
-
- global $g, $config;
-
- if ((!$ph1ent['interface']) || ($ph1ent['interface'] == "wan")) {
- if ($curwanip)
- return $curwanip;
- else
- return null;
- } elseif ($ph1ent['interface'] == "lan") {
- return $config['interfaces']['lan']['ipaddr'];
- } else {
- $iface = $config['interfaces'][$ph1ent['interface']]['if'];
- $oc = $config['interfaces'][$ph1ent['interface']];
- /* carp ips, etc */
- $ip = find_interface_ip($iface);
- if($ip)
- return $ip;
-
- if (isset ($oc['enable']) && $oc['if']) {
- return $oc['ipaddr'];
- }
- }
-
- return null;
-}
-
/* Forcefully restart IPsec
* This is required for when dynamic interfaces reload
* For all other occasions the normal vpn_ipsec_configure()