From d87e27e0ec2f3180471977e05363c1b61883418a Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Thu, 21 Sep 2006 02:11:14 +0000
Subject: When a failover ipsec ip address is defined, use it as the ip address
 endpoint for ipsec.

---
 etc/inc/filter.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'etc/inc/filter.inc')

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 04b574b..ba638c8 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2420,6 +2420,12 @@ EOD;
 						$interface_ip = find_interface_ip(get_real_wan_interface());
 					else
 						$interface_ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($iface));
+					/* if failover ip is set, use it */
+					if(isset($config['installedpackages']['sasyncd']))
+						if ($config['installedpackages']['sasyncd']['config'] <> "")
+							foreach ($config['installedpackages']['sasyncd']['config'] as $sasyncd)
+								if ($sasyncd['ip'] <> "")
+									$interface_ip = $sasyncd['ip'];
 					$ipfrules .= "pass out quick on \${$iface} proto udp from {$interface_ip} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n";
 					$ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to $interface_ip port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n";
 					if ($tunnel['p2']['protocol'] == 'esp') {
@@ -2833,4 +2839,4 @@ function return_vpn_subnet($adr) {
 
 }
 
-?>
+?>
\ No newline at end of file
-- 
cgit v1.1