diff options
| author | Chris Buechler <cmb@pfsense.org> | 2016-02-11 00:17:49 -0600 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2016-02-11 00:17:49 -0600 |
| commit | b574dc6327e03ccd446f61a08a9fea7c5827ce0e (patch) | |
| tree | 1b0b85c258591ae908516daacd54b355d5a0e1f2 /src/etc | |
| parent | 9d77d005c0928d673aa06bd57139be02a4480974 (diff) | |
| download | pfsense-b574dc6327e03ccd446f61a08a9fea7c5827ce0e.zip pfsense-b574dc6327e03ccd446f61a08a9fea7c5827ce0e.tar.gz | |
Fix regression with missing 500/4500/ESP rules for IPsec bound to gateway groups. Ticket #4858
Diffstat (limited to 'src/etc')
| -rw-r--r-- | src/etc/inc/filter.inc | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 9775f04..7a7cd81 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -4089,7 +4089,20 @@ function filter_generate_ipsec_rules($log = array()) { } } - if (substr($ph1ent['interface'], 0, 4) == "_vip") { + $a_groups = return_gateway_groups_array(); + if (is_array($a_groups[$ph1ent['interface']])) { + // bound to gateway group + $parentinterface = get_failover_interface($ph1ent['interface']); + if (substr($parentinterface, 0, 4) == "_vip") { + $parentinterface = get_configured_vip_interface($parentinterface); + /* IP Alias -> CARP */ + if (substr($parentinterface, 0, 4) == "_vip") { + $parentinterface = get_configured_vip_interface($parentinterface); + } + } else { + $parentinterface = convert_real_interface_to_friendly_interface_name($parentinterface); + } + } elseif (substr($ph1ent['interface'], 0, 4) == "_vip") { $parentinterface = get_configured_vip_interface($ph1ent['interface']); /* IP Alias -> CARP */ if (substr($parentinterface, 0, 4) == "_vip") { |
