Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 25ea54c..16a405b 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -264,6 +264,21 @@ function vpn_ipsec_configure($ipchg = false) { "{$sa}/{$sn} any -P in ipsec " . "{$tunnel['p2']['protocol']}/tunnel/{$rgip}-" . "{$ep}/unique;\n"; + + if($tunnel['interface'] <> "wan") { + /* static route needed? */ + if(preg_match("/^carp/i", $tunnel['interface'])) { + /* add endpoint routes to correct gateway on interface */ + $parentinterface = link_carp_interface_to_parent($tunnel['interface']); + $gatewayip = get_interface_gateway("$parentinterface"); + if($gatewayip) { + log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static +route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}"); + mwexec("/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}"); + } + } + } + } fwrite($fd, $spdconf); |
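Review bot: The added `mwexec()` call interpolates `$tunnel['remote-gateway']` and `$gatewayip` straight into the command string, so any value in the tunnel configuration that is not a plain address becomes part of the command line, assuming mwexec hands the string to a shell. Quote both values, `mwexec("/sbin/route add -host " . escapeshellarg($tunnel['remote-gateway']) . " " . escapeshellarg($gatewayip));`, and consider validating the gateway as an IP address first. The context lines above already use `$rgip` for the peer, which may be the better value to route if it holds the resolved address. The `log_error()` string also contains a raw line break between "adding static" and "route", which will split the log entry in two. `vpn_ipsec_configure()` starts and ends outside the hunk, so it cannot be seen here whether this route is removed again when the tunnel is deleted or reconfigured.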