author | Ermal <eri@pfsense.org> | 2012-10-05 19:41:12 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-05 19:41:12 +0000 |
commit | f3c338b3b3217618e91c843068f28307ffb2ab4c (patch) | |
tree | fae422b76fd01bbc7bccda2928d0e5feee46be9a /etc | |
parent | 909890c4f09623cfbb1b5f8ff933cd1b4ebeadd9 (diff) | |
This should fix ipsec status for natted tunnel(s).
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/ipsec.inc | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index cf2caa2..52037ea 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -329,12 +329,17 @@ function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
 $rmt_ip = ipsec_get_phase1_dst($ph1ent);
 $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
+ if (!empty($ph2ent['natlocalid']))
+ $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true);
 $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
 /* check for established SA in both directions */
- if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id) &&
- ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
- return true;
+ if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) {
+ if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
+ return true;
+ else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$natloc_id))
+ return true;
+ }
 return false;
 } |
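Review bot: `$natloc_id` is assigned only under the first `if (!empty($ph2ent['natlocalid']))` and read under a second, separately written copy of that test on the inbound lookup, so the two guards have to be kept in sync by hand or the lookup receives an undefined variable. Picking the inbound selector once, `$in_id = empty($ph2ent['natlocalid']) ? $loc_id : ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true);`, lets the original single `&&` condition stay, with `$in_id` as the last argument of the `"in"` call, and removes the brace-less `if`/`else if` pair. The outbound lookup still matches on `$loc_id` for NAT'd tunnels; if that asymmetry is intended it deserves a one-line comment, because this return value is what the status page reports to an operator deciding whether a tunnel is up. The function starts above the hunk, where `$loc_ip` is set.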