diff options
| author | Chris Buechler <cmb@pfsense.org> | 2014-08-11 05:19:34 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2014-08-11 05:19:34 -0500 |
| commit | 00311d6a841c0f6fc162ea11da06569f10220f5e (patch) | |
| tree | 39c3792c08ff6ea27be2e2409cc0c786be947b4e /etc | |
| parent | dc63467f3f8910f9cad7be877274ce939fb7ec4f (diff) | |
| download | pfsense-00311d6a841c0f6fc162ea11da06569f10220f5e.zip pfsense-00311d6a841c0f6fc162ea11da06569f10220f5e.tar.gz | |
Fix assignment of tunnel IPs to mobile clients.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 44ab33d..2d8dcfd 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -613,6 +613,7 @@ EOD; $left_spec = $ep; $ipseclifetime = 0; + $rightsourceip = NULL; $rightsubnet_spec = array(); $leftsubnet_spec = array(); $ealgoAHsp2arr = array(); @@ -664,8 +665,10 @@ EOD; if (!isset($ph2ent['mobile'])) { $rightsubnet_spec[] = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']); - } else if (!empty($a_client['pool_address'])) + } else if (!empty($a_client['pool_address'])) { $rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}"; + $rightsourceip = "\trightsourceip={$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; + } } else { $tunneltype = "type = transport"; @@ -765,6 +768,8 @@ EOD; $ipsecconf .= "\t{$ikelifeline}\n"; if ($ipseclifetime > 0) $ipsecconf .= "\tlifetime = {$ipseclifetime}s\n"; + if (!empty($rightsourceip)) + $ipsecconf .= "{$rightsourceip}"; if (!empty($rightsubnet_spec)) $ipsecconf .= "\trightsubnet = " . join(",", $rightsubnet_spec) . "\n"; if (!empty($leftsubnet_spec)) |
