diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-04-03 19:59:23 +0200 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-04-03 19:59:35 +0200 |
commit | 0887e836c45242e5afb8840acf2de9262f65d27c (patch) | |
tree | f881bf74837fb53bf4107ac49084b0686b7023f3 /usr/local/www/vpn_ipsec_settings.php | |
parent | ebb9469d4e7ccb1986a4c17f1cdb44caf6bb6ad8 (diff) | |
download | pfsense-0887e836c45242e5afb8840acf2de9262f65d27c.zip pfsense-0887e836c45242e5afb8840acf2de9262f65d27c.tar.gz |
Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent traffic sent to lan ip to go to the ipsec tunnel
Diffstat (limited to 'usr/local/www/vpn_ipsec_settings.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 41d6a3a..203566e 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -46,6 +46,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) { $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; } $pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']); +$pconfig['shuntlaninterfaces'] = isset($config['ipsec']['shuntlaninterfaces']); $pconfig['compression'] = isset($config['ipsec']['compression']); $pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); @@ -155,6 +156,12 @@ if ($_POST) { unset($config['ipsec']['unityplugin']); } + if($_POST['shuntlaninterfaces'] == "yes") { + $config['ipsec']['unityplugin'] = true; + } elseif (isset($config['ipsec']['shuntlaninterfaces'])) { + unset($config['ipsec']['shuntlaninterfaces']); + } + if($_POST['acceptunencryptedmainmode'] == "yes") { if (!isset($config['ipsec']['acceptunencryptedmainmode'])) $needsrestart = true; @@ -349,6 +356,15 @@ function maxmss_checked(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Bypass LAN address"); ?></td> + <td width="78%" class="vtable"> + <input name="shuntlaninterfaces" type="checkbox" id="shuntlaninterfaces" value="yes" <?php if ($pconfig['shuntlaninterfaces'] == true) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable bypass for LAN interface ip"); ?></strong> + <br /> + <?=gettext("Prevent LAN ip address to be proccessed for IPsec traffic."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> |