From a0c4a6ced5c1ad64eb7b738e4ee55220654cdd59 Mon Sep 17 00:00:00 2001 From: Ermal Date: Fri, 5 Oct 2012 19:05:52 +0000 Subject: config.xml might have some elusive data so do not fail sainfo section for localside if there is an empty nat address. Just do not put the nat side in there --- etc/inc/vpn.inc | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'etc/inc/vpn.inc') diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a5e179a..418ec14 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -710,16 +710,14 @@ EOD; $localid_spec = "{$localid_type} {$localid_data} any"; if (!empty($ph2ent['natlocalid'])) { $natlocalid_spec = " nat "; - if ($ph2ent['natlocalid']['type'] != "address") - $natlocalid_spec .= "subnet "; - else - $natlocalid_spec .= "address "; $natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid']); - if (!is_ipaddr($natlocalid_data) && !is_subnet($natlocalid_data)) { - log_error("Invalid IPsec Phase 2(NAT) \"{$ph2ent['descr']}\" - {$ph2ent['natlocalid']['type']} has no subnet."); - continue; + if ($ph2ent['natlocalid']['type'] != "address") { + if (is_subnet($natlocalid_data)) + $localid_spec .= "subnet {$natlocalid_data} any"; + } else { + if (is_ipaddr($natlocalid_data)) + $localid_spec .= "address {$natlocalid_data} any"; } - $localid_spec .= "{$natlocalid_spec} {$natlocalid_data} any"; } } -- cgit v1.1