From a269fed636cd7ec4820744477f844bf581a389cc Mon Sep 17 00:00:00 2001
From: PiBa-NL <pba_2k3@yahoo.com>
Date: Sun, 18 Nov 2012 00:37:12 +0100
Subject: ipsec binat rule not possible if using a subnet together with a
 single ip so use nat

---
 etc/inc/filter.inc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 2555bb6..df6cb9c 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1444,7 +1444,11 @@ function filter_nat_rules_generate() {
 						continue;
 					if ($remote_subnet == "0.0.0.0/0")
 						$remote_subnet = "any";
-					$natrules .= "binat on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n";
+					if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet) )
+						$nattype = "nat";
+					else					
+						$nattype = "binat";
+					$natrules .= "{$nattype} on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n";
 				}
 			}
 		}
-- 
cgit v1.1