author | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-01 20:52:26 +0000 |
---|---|---|
committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-01 20:52:26 +0000 |
commit | 2f69e11c5ea5c85e1202b92bb45ebc710bc8281a (patch) | |
tree | 6a579c3e5e05897aaa2ac1b71d37a25ee3dfb234 /etc | |
parent | 0e640f7604c9cb465b68c85e463f3c443423d27d (diff) | |
Correct a regression that caused non NAT-T IPsec tunnel communications to
fail.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 48 |
1 files changed, 26 insertions, 22 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index cf02e66..b778a21 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2501,31 +2501,11 @@ EOD;
 if (isset($config['ipsec']['enable']) && is_array($config['ipsec']['phase1'])) {
- /* Step through all phase2 entries and determine
- * which protocols are in use with this peer
- */
- $prot_used_esp = false;
- $prot_used_ah = false;
-
- if (is_array($config['ipsec']['phase2']))
- foreach ($config['ipsec']['phase2'] as $ph2ent) {
-
- /* only evaluate ph2's bound to our ph1 */
- if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
- continue;
-
- if ($ph2ent['protocol'] == 'esp')
- $prot_used_esp = true;
-
- if ($ph2ent['protocol'] == 'ah')
- $prot_used_ah = true;
- }
-
 /* step through all phase1 entries */
 foreach ($config['ipsec']['phase1'] as $ph1ent) {
- if (isset ($ph1ent['disabled']))
- continue;
+ if (isset ($ph1ent['disabled']))
+ continue;
 update_filter_reload_status("Creating IPsec phase1 items for {$ph1ent['descr']}...");
@@ -2549,6 +2529,30 @@ EOD;
 else $descr = $rgip;
+ /*
+ * Step through all phase2 entries and determine
+ * which protocols are in use with this peer
+ */
+
+ $prot_used_esp = false;
+ $prot_used_ah = false;
+
+ if (is_array($config['ipsec']['phase2'])) {
+
+ foreach ($config['ipsec']['phase2'] as $ph2ent) {
+
+ /* only evaluate ph2's bound to our ph1 */
+ if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
+ continue;
+
+ if ($ph2ent['protocol'] == 'esp')
+ $prot_used_esp = true;
+
+ if ($ph2ent['protocol'] == 'ah')
+ $prot_used_ah = true;
+ }
+ }
+
 foreach ($FilterIflist as $ifr => $ifcfg) {
 /* Only process interfaces with gateway */ |
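Review bot: The phase2 scan added inside the phase1 loop (second hunk) counts every phase2 entry whose `ikeid` matches, so an entry that is configured but not in use would still set `$prot_used_esp` or `$prot_used_ah`. If phase2 entries can carry a `disabled` flag the way phase1 entries do (not visible here, so confirm against the config schema), skip them with `if (isset($ph2ent['disabled'])) continue;` ahead of the protocol tests, so that a firewall rule set derived from these flags admits only the protocols an active tunnel needs. The flags presumably drive the rules emitted in the `foreach ($FilterIflist as $ifr => $ifcfg)` loop, whose body lies outside the hunk, so what happens when both stay false cannot be checked from here. A one-line comment above the two assignments, such as `/* reset per peer: flags must not leak from the previous phase1 entry */`, would record why the block has to live inside the loop.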