3 files changed, 9 insertions, 1 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a7d1863..9f7d108 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -288,6 +288,8 @@ function filter_generate_aliases() {
 		$aliases .= "wan = \"{ " . get_real_wan_interface() . "{$wan_aliases} }\"\n";
 	}
 
+	$aliases .= "enc0 = \"{ enc0 }\"\n";
+
     /* used to count netgraph interfaces */
     $counter = 0;
 
@@ -2719,6 +2721,9 @@ function create_firewall_outgoing_rules_to_itself() {
 		}
 	}
 
+	/* permit internal ipsec outbound traffic */
+	$rule .="pass out quick on \$enc0 label \"IPSEC internal host to host\"";
+
 	return $rule;
 }
 
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 5f43740..bc6fa21 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -97,6 +97,9 @@ function find_last_gif_device() {
 function vpn_ipsec_configure($ipchg = false) {
 	global $config, $g, $sa, $sn;
 
+	mwexec("/sbin/ifconfig enc0 create");
+	mwexec("/sbin/ifconfig enc0 up");
+
 	/* get the automatic /etc/ping_hosts.sh ready */
 	unlink_if_exists("/var/db/ipsecpinghosts");
 	touch("/var/db/ipsecpinghosts");
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 23e15e7..ddaa2f0 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -384,7 +384,7 @@ include("head.inc");
 			<td width="78%" class="vtable">
 				<select name="interface" class="formfld">
 <?php
-					$interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
+					$interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE', 'enc0' => 'IPSEC');
 					for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
 						$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
 					}