Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc19
1 files changed, 13 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index feb9304..a3ca2eb 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1846,17 +1846,24 @@ EOD;
exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=1");
else
exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=0");
+ $ipsec_ip = $wan_ip;
+ /* set failover ip if defined */
+ if(isset($config['installedpackages']['sasyncd']['config']))
+ foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
+ if($sasyncd['ip'] <> "")
+ $ipsec_ip = $sasyncd['ip'];
+ }
if(is_array($config['ipsec']['tunnel'])) {
foreach ($config['ipsec']['tunnel'] as $tunnel) {
$remote_gateway = $tunnel['remote-gateway'];
- $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $wan_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $remote_gateway . " to " . $wan_ip . " port = 500 keep state label \"". $tunnel['descr'] ." udp\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $remote_gateway . " to " . $ipsec_ip . " port = 500 keep state label \"". $tunnel['descr'] ." udp\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $wan_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $remote_gateway . " to " . $wan_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $ipsec_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto esp from " . $remote_gateway . " to " . $ipsec_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." esp proto\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $wan_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
- $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $remote_gateway . " to " . $wan_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $ipsec_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
+ $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $remote_gateway . " to " . $ipsec_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
$ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['remote-subnet'] . " to " . $internal_subnet . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
$ipfrules .= "pass quick on " . $lanif . " from " . $internal_subnet . " to " . $tunnel['remote-subnet'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
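Review bot: The failover address assigned at `$ipsec_ip = $sasyncd['ip'];` is concatenated into six `pass quick` rules on the WAN interface with no check that it is an IP address; the only test is that it is not an empty string. A typo or stray whitespace in the sasyncd package config would likely produce a ruleset the packet filter refuses to load, and a value containing a newline would add rule lines of its own, so I would replace `if($sasyncd['ip'] <> "")` with a validating guard such as `if(is_ipaddr($sasyncd['ip']))`. The loop also lets the last non-empty entry win silently when several sasyncd config entries exist; a short comment such as `/* last configured sasyncd ip wins */` would make that intent explicit. The enclosing function starts and ends outside this hunk, so whether `$wan_ip` and `$tunnel['descr']` are validated earlier cannot be confirmed from here.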