Fix up Ticket #4504 implementation. Match config style with other areas. Use a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.

2 files changed, 6 insertions, 9 deletions

diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 819562a..f2a1712 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -3738,9 +3738,6 @@ function upgrade_115_to_116() {
 function upgrade_116_to_117() {
 	global $config;
 
-	if (is_array($config['ipsec']))
-		$config['ipsec']['shuntlaninterfaces'] = true;
-
 	if (!isset($config['ipsec']['client']) ||
 	    !isset($config['ipsec']['client']['dns_split']) ||
 	    empty($config['ipsec']['client']['dns_split'])) {
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 83ab427..d5efa8a 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -641,7 +641,7 @@ EOD;
 		$ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n";
 		$ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n";
 
-		if (isset($config['ipsec']['shuntlaninterfaces'])) {
+		if (!isset($config['ipsec']['noshuntlaninterfaces'])) {
 			if ($config['interfaces']['lan']) {
 				$lanip = get_interface_ip("lan");
 				if (!empty($lanip) && is_ipaddrv4($lanip)) {
@@ -650,11 +650,11 @@ EOD;
 					$ipsecconf .= <<<EOD
 
 conn bypasslan
-	leftsubnet={$lanip}/32
-	rightsubnet={$lansa}/{$lansn}
-	authby=never
-	type=passthrough
-	auto=route
+	leftsubnet = {$lanip}/32
+	rightsubnet = {$lansa}/{$lansn}
+	authby = never
+	type = passthrough
+	auto = route
 
 EOD;
 				}