From ab80b66f23ff273cb5a574893ae428ef8422a6a9 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Thu, 13 Oct 2005 20:49:48 +0000
Subject: Add NATT support.  Currently this option is disabled.   To enable
 simply set the <developer/> tag inside <system> in config.xml

---
 etc/inc/vpn.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'etc/inc')

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index ddf30ca..2c2381c 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -238,11 +238,17 @@ function vpn_ipsec_configure($ipchg = false) {
 		foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
 			if($sasyncd['ip'] <> "") 
 				$curwanip = $sasyncd['ip'];
-
+				/* natt - turn on if <developer/> exists */
+				if(isset($config['system']['developer'] <> "") {
+					$lanip = $config['interfaces']['lan']['ipaddr'];
+					if($lanip <> "") 
+						$natt = "isakmp_natt {$lanip}[4500];\n";
+				}	
 				$interface_ip = $sasyncd['ip'];
 				$racoonconf .= <<<EOD
 listen {
 	isakmp {$interface_ip} [500];
+	{$natt}
 }
 
 EOD;
-- 
cgit v1.1