From 116ba6653b103aed45ebc8a78fb644a3660b8fd6 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Mon, 27 Aug 2012 14:38:45 -0400
Subject: Restructure these IP/subnet tests so they don't break transport mode
---
 etc/inc/vpn.inc | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 84c94cc..33002bf 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -650,7 +650,7 @@ EOD;
 $localid_type = "subnet";
 }
 // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
- if (!is_subnet($localid_data)) {
+ if (!is_ipaddr($localid_data) && !is_subnet($localid_data)) {
 log_error("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet.");
 continue;
 }
@@ -825,11 +825,10 @@ EOD;
 $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
 $remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
- // Error will be logged above, no need to log this twice. #2201
- if (!is_subnet($localid))
- continue;
-
 if($ph2ent['mode'] == "tunnel") {
+ // Error will be logged above, no need to log this twice. #2201
+ if (!is_subnet($localid))
+ continue;
 $spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " . "{$ph2ent['protocol']}/tunnel/{$ep}-{$rgip}/unique;\n";
-- 
cgit v1.1
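Review bot: The `log_error` text in the `@@ -650` hunk still reads "has no subnet", although the condition above it now rejects only values that are neither an address nor a subnet, so the message misstates why an entry was refused. The entry is skipped by the `continue` that follows, which leaves this log line as the only trace of the skipped phase 2 visible in the hunk, so it should name the real cause. I would change the tail of the message to `{$ph2ent['localid']['type']} has no valid address or subnet.` and update the comment to `// Don't let an empty address or subnet into racoon.conf, it can cause parse errors. Ticket #2201.`. The enclosing loop and the `else` branch start outside the hunk.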
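Review bot: The comment moved into the tunnel branch of the `@@ -825` hunk, "Error will be logged above, no need to log this twice", is no longer guaranteed to hold, because the same commit relaxes the earlier test to accept a bare address while this one still requires `is_subnet($localid)`. Whether an address-type local ID can reach this point as a non-subnet depends on what `ipsec_idinfo_to_cidr(..., true)` returns, which the hunk does not show. If it can, the tunnel's `spdadd` policy is silently omitted, and a missing IPsec policy should not go unlogged. I would log before skipping, for example `log_error("Skipping SPD entry for IPsec Phase 2 \"{$ph2ent['descr']}\" - local ID is not a subnet.");`, with braces around the `if` body. `$remoteid` is also interpolated into the `spdadd` line with no check visible in this hunk, and the transport branch lies outside it, so both deserve the same validation.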