diff options
author | jim-p <jimp@pfsense.org> | 2016-12-12 12:55:30 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-12-12 12:56:25 -0500 |
commit | 93ab5b34e4e0b20baaf10fdd52119dd97d29ddad (patch) | |
tree | 85849514faa19e7834efe0c913b5ec5060a2dbbe /src/etc | |
parent | 30bc29717dcee49d1e96c1eb08d137fce49c26ed (diff) | |
download | pfsense-93ab5b34e4e0b20baaf10fdd52119dd97d29ddad.zip pfsense-93ab5b34e4e0b20baaf10fdd52119dd97d29ddad.tar.gz |
Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/filter.inc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index c6c93a1..23ba55a 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -973,6 +973,17 @@ function filter_get_vpns_list() { require_once("ipsec.inc"); } if (ipsec_enabled()) { + /* Include mobile IPsec client subnet in the VPN network list. + See https://redmine.pfsense.org/issues/7005 */ + if (is_array($config['ipsec']['client']) + && isset($config['ipsec']['client']['enable']) + && isset($config['ipsec']['client']['pool_address']) + && isset($config['ipsec']['client']['pool_netbits'])) { + $client_subnet = "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']}"; + if (is_subnet($client_subnet)) { + $vpns_arr[] = $client_subnet; + } + } if (is_array($config['ipsec']['phase2'])) { foreach ($config['ipsec']['phase2'] as $ph2ent) { if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) { |