diff options
author | Ermal <eri@pfsense.org> | 2012-10-05 19:05:52 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-05 19:05:52 +0000 |
commit | a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59 (patch) | |
tree | 8a2d12bda64595b3d30bc892795e3499ce8f60ff /etc | |
parent | 72dd4f07472340248265fa17e51d07d74653dca3 (diff) | |
download | pfsense-a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59.zip pfsense-a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59.tar.gz |
config.xml might have some elusive data so do not fail sainfo section for localside if there is an empty nat address. Just do not put the nat side in there
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a5e179a..418ec14 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -710,16 +710,14 @@ EOD; $localid_spec = "{$localid_type} {$localid_data} any"; if (!empty($ph2ent['natlocalid'])) { $natlocalid_spec = " nat "; - if ($ph2ent['natlocalid']['type'] != "address") - $natlocalid_spec .= "subnet "; - else - $natlocalid_spec .= "address "; $natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid']); - if (!is_ipaddr($natlocalid_data) && !is_subnet($natlocalid_data)) { - log_error("Invalid IPsec Phase 2(NAT) \"{$ph2ent['descr']}\" - {$ph2ent['natlocalid']['type']} has no subnet."); - continue; + if ($ph2ent['natlocalid']['type'] != "address") { + if (is_subnet($natlocalid_data)) + $localid_spec .= "subnet {$natlocalid_data} any"; + } else { + if (is_ipaddr($natlocalid_data)) + $localid_spec .= "address {$natlocalid_data} any"; } - $localid_spec .= "{$natlocalid_spec} {$natlocalid_data} any"; } } |