From f3c338b3b3217618e91c843068f28307ffb2ab4c Mon Sep 17 00:00:00 2001
From: Ermal
Date: Fri, 5 Oct 2012 19:41:12 +0000
Subject: This should fix ipsec status for natted tunnel(s).
---
 etc/inc/ipsec.inc | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index cf2caa2..52037ea 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -329,12 +329,17 @@ function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
 $rmt_ip = ipsec_get_phase1_dst($ph1ent);
 $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
+ if (!empty($ph2ent['natlocalid']))
+ $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true);
 $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
 /* check for established SA in both directions */
- if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id) &&
- ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
- return true;
+ if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) {
+ if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
+ return true;
+ else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$natloc_id))
+ return true;
+ }
 return false;
 }
--
cgit v1.1
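Review bot: The NAT case is tested three times with `empty($ph2ent['natlocalid'])` / `!empty(...)`, and `$natloc_id` is assigned on only one of those paths, so a later edit to any single condition can leave the inbound lookup reading an undefined variable and the status page quietly reporting the tunnel as down. Choosing the inbound identifier once, `$in_loc_id = empty($ph2ent['natlocalid']) ? $loc_id : ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true);`, lets the original single `&&` of the "out" and "in" lookups stay, with `$in_loc_id` as the last argument of the "in" call, and removes the brace-less `if`/`else if` pair. The "out" lookup still passes `$loc_id` while "in" uses the NAT identifier; whether that asymmetry matches how the policies are installed cannot be confirmed from this hunk, so a one-line comment stating which identifier each direction is matched against would help the next reader. ipsec_phase2_status begins above the hunk, where `$loc_ip` is presumably set.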