diff options
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index daef238..703d274 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2649,12 +2649,13 @@ EOD; } $local_subnet = return_vpn_subnet($tunnel['local-subnet']); foreach($ifdescrs as $iface) { - echo "processing $iface\n"; foreach($ipsec_ips as $interface_ip) { if($iface == "wan") $interface_ip = find_interface_ip(get_real_wan_interface()); else $interface_ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($iface)); + if($tunnel['interface'] <> $iface and strstr($tunnel['interface'], "carp") == false) + continue; $ipfrules .= "pass out quick on \${$iface} proto udp from {$interface_ip} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to $interface_ip port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; if ($tunnel['p2']['protocol'] == 'esp') { |