Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r--etc/inc/vpn.inc36
1 files changed, 25 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 5db241d..1e9ea34 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -162,6 +162,8 @@ function vpn_ipsec_configure($ipchg = false)
$rgmap = array();
$dnswatch_list = array();
if (is_array($a_phase1) && count($a_phase1)) {
+
+ /* step through each phase1 entry */
foreach ($a_phase1 as $ph1ent) {
if (isset($ph1ent['disabled']))
continue;
@@ -191,19 +193,31 @@ function vpn_ipsec_configure($ipchg = false)
$rgmap[$ph1ent['remote-gateway']] = $rg;
- /* add an ipsec pinghosts entry */
+ /* step through each phase2 entry */
+ foreach ($a_phase2 as $ph2ent) {
+
+ $ikeid = $ph2ent['ikeid'];
+
+ if (isset($ph2ent['disabled']))
+ continue;
- if ($ph1ent['pinghost']) {
- $pfd = fopen("/var/db/ipsecpinghosts", "a");
- $iflist = get_configured_interface_list();
- foreach ($iflist as $ifent => $ifname) {
- $interface_ip = find_interface_ip($config['interfaces'][$ifname]['if']);
- if (ip_in_subnet($interface_ip, $sa . "/" . $sn))
- $srcip = find_interface_ip($config['interfaces'][$ifname]['if']);
+ if ($ikeid != $ph1ent['ikeid'])
+ continue;
+
+ /* add an ipsec pinghosts entry */
+ if ($ph2ent['pinghost']) {
+ $pfd = fopen("/var/db/ipsecpinghosts", "a");
+ $iflist = get_configured_interface_list();
+ foreach ($iflist as $ifent => $ifname) {
+ $interface_ip = find_interface_ip($config['interfaces'][$ifname]['if']);
+ $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true);
+ if (ip_in_subnet($interface_ip, $local_subnet))
+ $srcip = $interface_ip;
+ }
+ $dstip = $ph2ent['pinghost'];
+ fwrite($pfd, "$srcip|$dstip|3\n");
+ fclose($pfd);
}
- $dstip = $ph1ent['pinghost'];
- fwrite($pfd, "$srcip|$dstip|3\n");
- fclose($pfd);
}
}
}
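Review bot: `$srcip` is not reset per phase2 entry, so when no interface address falls inside `$local_subnet` the `fwrite()` at the end of the pinghost block records a source address left over from an earlier entry, or an empty one on the first pass. The same block uses the `fopen()` result unchecked and writes `$ph2ent['pinghost']` into a `|`-delimited line without validation, so a value containing `|` or a newline would break the record format for whatever reads /var/db/ipsecpinghosts (the reader is not visible here). I would reset `$srcip`, compute `$local_subnet` once before the interface loop since it does not depend on the interface, and open the file only once both addresses are known and valid. The enclosing vpn_ipsec_configure() starts and ends outside the hunk.

```php
/* add an ipsec pinghosts entry */
if (!empty($ph2ent['pinghost'])) {
	$dstip = $ph2ent['pinghost'];
	$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true);
	$srcip = null; /* never reuse a source chosen for an earlier entry */
	/* … unchanged: $iflist lookup and interface loop, minus the $local_subnet line … */
	/* is_ipaddr() assumes pinghost is always an address - confirm against the GUI validation */
	if ($srcip !== null && is_ipaddr($dstip)) {
		$pfd = fopen("/var/db/ipsecpinghosts", "a");
		if ($pfd) {
			fwrite($pfd, "$srcip|$dstip|3\n");
			fclose($pfd);
		}
	}
}
```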