diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index d222622..3be02d2 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -586,6 +586,7 @@ EOD; $ikelifeline = "ikelifetime = {$ph1ent['lifetime']}s"; $authentication = ""; + $rightsourceip = NULL; switch ($ph1ent['authentication_method']) { case 'xauth_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; @@ -594,6 +595,8 @@ EOD; case 'xauth_psk_server': $authentication = "leftauth = psk\n\trightauth = psk"; $authentication .= "\n\trightauth2 = xauth-generic"; + if (!empty($a_client['pool_address'])) + $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; break; case 'pre_shared_key': $authentication = "leftauth = psk\n\trightauth = psk"; @@ -610,7 +613,6 @@ EOD; $left_spec = $ep; $ipseclifetime = 0; - $rightsourceip = NULL; $rightsubnet_spec = array(); $leftsubnet_spec = array(); $ealgoAHsp2arr = array(); @@ -664,7 +666,6 @@ EOD; $rightsubnet_spec[] = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']); } else if (!empty($a_client['pool_address'])) { $rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}"; - $rightsourceip = "\trightsourceip={$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; } } else { $tunneltype = "type = transport"; |