diff options
author | Ermal <eri@pfsense.org> | 2012-10-30 22:35:58 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-30 22:35:58 +0000 |
commit | b0bf6bd017e27f6d8161fe8fff0ba8e6a71f96a3 (patch) | |
tree | 57a99ad25c5629f69f33207301cfbddabda9cb85 /etc | |
parent | f85da3b5828843b8c1a904b05c2f9d612eab1b56 (diff) | |
download | pfsense-b0bf6bd017e27f6d8161fe8fff0ba8e6a71f96a3.zip pfsense-b0bf6bd017e27f6d8161fe8fff0ba8e6a71f96a3.tar.gz |
Fixes #2394. If an entry of 0.0.0.0/0 is configured than use the first interface ip matching. Also do a microptimization to not retrieve the interface list every ping host entry
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 50b67b6..c5ced75 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -132,6 +132,7 @@ function vpn_ipsec_configure($ipchg = false) $ipmap = array(); $rgmap = array(); $filterdns_list = array(); + unset($iflist); if (is_array($a_phase1) && count($a_phase1)) { $ipsecpinghosts = ""; @@ -184,7 +185,8 @@ function vpn_ipsec_configure($ipchg = false) $ph2ent['localid']['mode'] = $ph2ent['mode']; /* add an ipsec pinghosts entry */ if ($ph2ent['pinghost']) { - $iflist = get_configured_interface_list(); + if (!is_array($iflist)) + $iflist = get_configured_interface_list(); foreach ($iflist as $ifent => $ifname) { if(is_ipaddrv6($ph2ent['pinghost'])) { $interface_ip = get_interface_ipv6($ifent); @@ -200,7 +202,7 @@ function vpn_ipsec_configure($ipchg = false) if(!is_ipaddrv4($interface_ip)) continue; $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); - if (ip_in_subnet($interface_ip, $local_subnet)) { + if ($local_subnet == "0.0.0.0/0" || ip_in_subnet($interface_ip, $local_subnet)) { $srcip = $interface_ip; break; } |