Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005

author: jim-p <jimp@pfsense.org> 2016-12-12 12:55:30 -0500
committer: jim-p <jimp@pfsense.org> 2016-12-12 12:56:25 -0500
commit: 93ab5b34e4e0b20baaf10fdd52119dd97d29ddad (patch)
tree: 85849514faa19e7834efe0c913b5ec5060a2dbbe /src/etc/inc
parent: 30bc29717dcee49d1e96c1eb08d137fce49c26ed (diff)
download: pfsense-93ab5b34e4e0b20baaf10fdd52119dd97d29ddad.zip
pfsense-93ab5b34e4e0b20baaf10fdd52119dd97d29ddad.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index c6c93a1..23ba55a 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -973,6 +973,17 @@ function filter_get_vpns_list() {
 		require_once("ipsec.inc");
 	}
 	if (ipsec_enabled()) {
+		/* Include mobile IPsec client subnet in the VPN network list.
+		   See https://redmine.pfsense.org/issues/7005 */
+		if (is_array($config['ipsec']['client'])
+		    && isset($config['ipsec']['client']['enable'])
+		    && isset($config['ipsec']['client']['pool_address'])
+		    && isset($config['ipsec']['client']['pool_netbits'])) {
+			$client_subnet = "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']}";
+			if (is_subnet($client_subnet)) {
+				 $vpns_arr[] = $client_subnet;
+			}
+		}
 		if (is_array($config['ipsec']['phase2'])) {
 			foreach ($config['ipsec']['phase2'] as $ph2ent) {
 				if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) {
author	jim-p <jimp@pfsense.org>	2016-12-12 12:55:30 -0500
committer	jim-p <jimp@pfsense.org>	2016-12-12 12:56:25 -0500
commit	93ab5b34e4e0b20baaf10fdd52119dd97d29ddad (patch)
tree	85849514faa19e7834efe0c913b5ec5060a2dbbe /src/etc/inc
parent	30bc29717dcee49d1e96c1eb08d137fce49c26ed (diff)
download	pfsense-93ab5b34e4e0b20baaf10fdd52119dd97d29ddad.zip pfsense-93ab5b34e4e0b20baaf10fdd52119dd97d29ddad.tar.gz