-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 3 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 2 |
3 files changed, 9 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index a7d1863..9f7d108 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -288,6 +288,8 @@ function filter_generate_aliases() { $aliases .= "wan = \"{ " . get_real_wan_interface() . "{$wan_aliases} }\"\n"; } + $aliases .= "enc0 = \"{ enc0 }\"\n"; + /* used to count netgraph interfaces */ $counter = 0; @@ -2719,6 +2721,9 @@ function create_firewall_outgoing_rules_to_itself() { } } + /* permit internal ipsec outbound traffic */ + $rule .="pass out quick on \$enc0 label \"IPSEC internal host to host\""; + return $rule; } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 5f43740..bc6fa21 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -97,6 +97,9 @@ function find_last_gif_device() { function vpn_ipsec_configure($ipchg = false) { global $config, $g, $sa, $sn; + mwexec("/sbin/ifconfig enc0 create"); + mwexec("/sbin/ifconfig enc0 up"); + /* get the automatic /etc/ping_hosts.sh ready */ unlink_if_exists("/var/db/ipsecpinghosts"); touch("/var/db/ipsecpinghosts"); diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 23e15e7..ddaa2f0 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -384,7 +384,7 @@ include("head.inc"); <td width="78%" class="vtable"> <select name="interface" class="formfld"> <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE', 'enc0' => 'IPSEC'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; } |
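Review bot: The device name `enc0` is hard-coded as a string literal in the added alias line in `filter_generate_aliases()`, and again in the pass rule in `create_firewall_outgoing_rules_to_itself()`, in the two `ifconfig` calls in `vpn_ipsec_configure()` and in the interface list of `firewall_rules_edit.php`, so the four places can drift apart silently. As far as the hunk shows, the macro is emitted whether or not IPsec is enabled. A short comment above the added line, such as `/* enc0: IPsec encapsulation interface, created in vpn_ipsec_configure() */`, would tell the next reader why the macro exists. The function body starts and ends outside the hunk.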
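Review bot: The added `pass out quick on \$enc0` rule in `create_firewall_outgoing_rules_to_itself()` has no `from`/`to` restriction and uses `quick`, so it matches every packet leaving through enc0, not only traffic originated by the firewall as the function name and the label "IPSEC internal host to host" suggest; any later rule meant to limit outbound tunnel traffic would never be evaluated. If only firewall-originated traffic is intended, the rule should carry a source restriction; otherwise the comment and label should say that all outbound tunnel traffic is passed. The string also has no trailing newline, unlike the alias line added in the first hunk, so if the caller appends more rules to the returned text the next one would land on the same line; ending it with `host to host\"\n";` avoids that. How the return value is used is not visible in the hunk.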
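Review bot: Both added `mwexec()` calls at the top of `vpn_ipsec_configure()` run on every invocation and their results are discarded, so a failed `/sbin/ifconfig enc0 create` (for example because the interface already exists from an earlier call) goes unnoticed while filter.inc still emits a pass rule on `$enc0`. They also sit before any visible check that IPsec is enabled, so the interface appears to be created even when no tunnel is configured; the rest of the function is outside the hunk, so this is inferred. Consider moving the calls below the enabled check, skipping `create` when the interface is already present, and logging a non-zero return value.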
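Review bot: The new `'enc0' => 'IPSEC'` entry in `$interfaces` uses a raw device name as its key while every other key is a logical name (`wan`, `lan`, `pptp`, `pppoe`, `optN`), and the option is offered even when no IPsec tunnel is configured. The selected value is posted back and presumably ends up in the generated ruleset; the code that validates the posted `interface` is outside this hunk, so it is worth confirming that it accepts only keys from this list. A one-line comment such as `/* 'enc0' must match the macro defined in filter_generate_aliases() */` would document the dependency on filter.inc.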