If a mode_cfg subnet is defined for IPsec, also add it to outbound NAT.

author: jim-p <jimp@pfsense.org> 2011-06-03 14:53:07 -0400
committer: jim-p <jimp@pfsense.org> 2011-06-03 14:53:07 -0400
commit: bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (patch)
tree: 78723c2619ae9f7eee83cf0db5cde63cb5522770 /etc
parent: c8ff68a457782dd159e8c5c1ab73e30cfe243381 (diff)
download: pfsense-bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95.zip
pfsense-bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e5e173c..0988093 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1384,6 +1384,12 @@ function filter_nat_rules_generate() {
 				}
 			}
 		}
+		/* IPsec mode_cfg subnet */
+		if (isset($config['ipsec']['client']['enable']) &&
+			!empty($config['ipsec']['client']['pool_address']) &&
+			!empty($config['ipsec']['client']['pool_netbits'])) {
+			$tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} ";
+		}
 		$natrules .= "\n# Subnets to NAT \n";
 		$tonathosts .= "127.0.0.0/8 ";
 		if($numberofnathosts > 4) {
author	jim-p <jimp@pfsense.org>	2011-06-03 14:53:07 -0400
committer	jim-p <jimp@pfsense.org>	2011-06-03 14:53:07 -0400
commit	bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (patch)
tree	78723c2619ae9f7eee83cf0db5cde63cb5522770 /etc
parent	c8ff68a457782dd159e8c5c1ab73e30cfe243381 (diff)
download	pfsense-bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95.zip pfsense-bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95.tar.gz