authorScott Ullrich <sullrich@pfsense.org>2005-07-05 18:28:26 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-07-05 18:28:26 +0000
commit785cde57e3c766091d2b3c2bcbd6b4811c416a53 (patch)
treeab679ea685eeb547cd775224cafaab072a00d95b /etc
parente2de5461a55e4feff2f8fd3f838084b204a22c94 (diff)
Setup firewall rules for correct IPSEC ip
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc19
1 files changed, 13 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index feb9304..a3ca2eb 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1846,17 +1846,24 @@ EOD;
exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=1");
else
exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=0");
+ $ipsec_ip = $wan_ip;
+ /* set failover ip if defined */
+ if(isset($config['installedpackages']['sasyncd']['config']))
+ foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
+ if($sasyncd['ip'] <> "")
+ $ipsec_ip = $sasyncd['ip'];
+ }
if(is_array($config['ipsec']['tunnel'])) {
foreach ($config['ipsec']['tunnel'] as $tunnel) {
$remote_gateway = $tunnel['remote-gateway'];
- $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $wan_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $remote_gateway . " to " . $wan_ip . " port = 500 keep state label \"". $tunnel['descr'] ." udp\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $remote_gateway . " to " . $ipsec_ip . " port = 500 keep state label \"". $tunnel['descr'] ." udp\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $wan_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $remote_gateway . " to " . $wan_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $ipsec_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $remote_gateway . " to " . $ipsec_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $wan_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $remote_gateway . " to " . $wan_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $ipsec_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $remote_gateway . " to " . $ipsec_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
$ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['remote-subnet'] . " to " . $internal_subnet . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
$ipfrules .= "pass quick on " . $lanif . " from " . $internal_subnet . " to " . $tunnel['remote-subnet'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
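Review bot: `$sasyncd['ip']` is accepted into `$ipsec_ip` after only an empty-string test (`if($sasyncd['ip'] <> "")`) and is then concatenated into six `pass quick` rules, so a malformed or multi-token value in the package config lands verbatim in the generated ruleset; at best the ruleset fails to load, at worst the pass rules match more than the intended address. Validate it before use, e.g. `if(is_ipaddr($sasyncd['ip']))`, and fall back to `$wan_ip` otherwise. The loop also lets the last non-empty entry win silently when several sasyncd entries exist, and the `isset()` guard does not ensure the value is an array before `foreach`; `is_array()` would match the tunnel check just below it. The enclosing function starts and ends outside this hunk, so whether `$wan_ip` must remain permitted alongside the failover address cannot be judged from here.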