From aad50aec8a75f5b751a0ed27a3ce3dd3f7283399 Mon Sep 17 00:00:00 2001
From: Seth Mos
Date: Fri, 6 Jun 2008 14:09:02 +0000
Subject: Correctly update static routes on change
---
etc/inc/vpn.inc | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
(limited to 'etc')
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 16a405b..95f1918 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -265,18 +265,25 @@ function vpn_ipsec_configure($ipchg = false) { "{$tunnel['p2']['protocol']}/tunnel/{$rgip}-" . "{$ep}/unique;\n"; - if($tunnel['interface'] <> "wan") { - /* static route needed? */ - if(preg_match("/^carp/i", $tunnel['interface'])) { - /* add endpoint routes to correct gateway on interface */ - $parentinterface = link_carp_interface_to_parent($tunnel['interface']); + /* static route needed? */ + $parentinterface = link_carp_interface_to_parent($tunnel['interface']); + if($parentinterface <> "wan") { + /* add endpoint routes to correct gateway on interface */ + if(interface_has_gateway($parentinterface)) { $gatewayip = get_interface_gateway("$parentinterface"); - if($gatewayip) { - log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static -route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}"); - mwexec("/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}"); + $interfaceip = $config['interfaces'][$parentinterface]['ipaddr']; + $subnet_bits = $config['interfaces'][$parentinterface]['subnet']; + $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}"); + /* if the remote gateway is in the local subnet, then don't add a route */ + if(! ip_in_subnet($tunnel['remote-gateway'], "{$subnet_ip}/{$subnet_bits}")) { + if(is_ipaddr($gatewayip)) { + log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}"); + mwexec("/sbin/route delete -host {$tunnel['remote-gateway']};/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}"); + } } } + } else { + mwexec("/sbin/route delete -host {$tunnel['remote-gateway']}"); } } -- cgit v1.1
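Review bot: Both new `mwexec()` calls interpolate `$tunnel['remote-gateway']` into a command string that a shell evidently parses (the add branch relies on `;` to chain two commands), yet only `$gatewayip` is checked with `is_ipaddr()`. A remote-gateway value that is not a plain address would reach the shell unquoted, both in the add branch and in the new `else` branch, which runs `route delete` with no check at all. I would validate and quote it before either call, e.g. guard with `is_ipaddr($tunnel['remote-gateway'])` and pass `escapeshellarg($tunnel['remote-gateway'])`. Using `$rgip` from the context lines may be an alternative if it already holds the resolved address, but its assignment is outside this hunk, so that is an assumption. Separately, the unconditional delete in the `else` branch may remove a host route that this code did not add, which deserves a comment stating the intent. `vpn_ipsec_configure()` starts and ends outside the hunk.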