From c8705b31e252f37069312ebf2ee7631cd469391b Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Thu, 7 Jan 2016 19:43:05 -0600
Subject: Account for IP aliases in IPsec firewall rules. Ticket #5500

---
 src/etc/inc/filter.inc | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index a06b63e..7b8692b 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -4038,6 +4038,14 @@ function filter_generate_ipsec_rules($log = array()) {
 
 			if (strpos($ph1ent['interface'], "_vip")) {
 				$parentinterface = get_configured_carp_interface_list($ph1ent['interface'], '', 'iface');
+			} else if (is_ipaddr($ph1ent['interface'])) {
+				if (is_array($config['virtualip']['vip'])) {
+					foreach ($config['virtualip']['vip'] as $vip) {
+						if ($ph1ent['interface'] == $vip['subnet']) {
+							$parentinterface = $vip['interface'];
+						}
+					}
+				}
 			} else {
 				$parentinterface = $ph1ent['interface'];
 			}
-- 
cgit v1.1