authorChris Buechler <cmb@pfsense.org>2014-08-13 23:59:48 -0500
committerChris Buechler <cmb@pfsense.org>2014-08-13 23:59:48 -0500
commit7f1b720f4c3f1c8fd56fd1c4ab96458294b64175 (patch)
treeb4906908b227a444ef6e55034cdbf0e83d0871de /etc
parent23ba08fc940b711f3b44551199890dc8e28a63b6 (diff)
This is required for PSK+Xauth. I'll commit that clarification in a bit.
Revert "Revert "Fix assignment of tunnel IPs to mobile clients."" This reverts commit 23ba08fc940b711f3b44551199890dc8e28a63b6.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/vpn.inc7
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index ae14169..d222622 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -610,6 +610,7 @@ EOD;
$left_spec = $ep;
$ipseclifetime = 0;
+ $rightsourceip = NULL;
$rightsubnet_spec = array();
$leftsubnet_spec = array();
$ealgoAHsp2arr = array();
@@ -661,8 +662,10 @@ EOD;
if (!isset($ph2ent['mobile'])) {
$rightsubnet_spec[] = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']);
- } else if (!empty($a_client['pool_address']))
+ } else if (!empty($a_client['pool_address'])) {
$rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
+ $rightsourceip = "\trightsourceip={$a_client['pool_address']}/{$a_client['pool_netbits']}\n";
+ }
} else {
$tunneltype = "type = transport";
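Review bot: The new `rightsourceip` line is built from both `$a_client['pool_address']` and `$a_client['pool_netbits']`, but the `else if` guard only checks that `pool_address` is non-empty, so a missing or malformed `pool_netbits` would write `rightsourceip=<addr>/` into the generated config. Since this value decides which virtual addresses mobile clients are handed, I would tighten the condition, e.g. `} else if (!empty($a_client['pool_address']) && is_numeric($a_client['pool_netbits'])) {`. Whether these fields are already validated when the mobile-client settings are saved is not visible here; if they are, a short comment saying so would be enough. The enclosing block starts and ends outside the hunk.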
@@ -762,6 +765,8 @@ EOD;
$ipsecconf .= "\t{$ikelifeline}\n";
if ($ipseclifetime > 0)
$ipsecconf .= "\tlifetime = {$ipseclifetime}s\n";
+ if (!empty($rightsourceip))
+ $ipsecconf .= "{$rightsourceip}";
if (!empty($rightsubnet_spec))
$ipsecconf .= "\trightsubnet = " . join(",", $rightsubnet_spec) . "\n";
if (!empty($leftsubnet_spec))
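Review bot: `$rightsourceip` is appended verbatim here, so the tab, the key name and the newline all live in the assignment in the previous hunk, and the key comes out as `rightsourceip=` without the spaces around `=` that `lifetime` and `rightsubnet` use. Keeping only the CIDR in the variable and formatting it at emission would match the neighbouring lines: `$ipsecconf .= "\trightsourceip = {$rightsourceip}\n";`. A one-line comment such as `// virtual IP pool for mobile clients; required for PSK+Xauth` would also record in the code what the commit message says. The surrounding statement run continues outside the hunk.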