From 24806500c55a51979ec8ff3fac06520e454ce03e Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sat, 4 Mar 2023 19:23:38 +0100
Subject: [PATCH] VPN: IPsec: Tunnel Settings - according to
 https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf the
 "Dynamic gateway" (rightallowany) option should be translated to
 0.0.0.0/0,::/0 . closes https://github.com/opnsense/core/issues/6396

---
 src/etc/inc/plugins.inc.d/ipsec.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index a007ed8b0..f5e9fd46e 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1339,7 +1339,7 @@ function ipsec_configure_do($verbose = false, $interface = '')
                 'remote-0' => [
                     'id' => ipsec_find_id($ph1ent, "peer") ?? '%any'
                 ],
-                'remote_addrs' => !isset($ph1ent['mobile']) && empty($ph1ent['rightallowany']) ? $ph1ent['remote-gateway'] : '%any',
+                'remote_addrs' => !isset($ph1ent['mobile']) && empty($ph1ent['rightallowany']) ? $ph1ent['remote-gateway'] : '0.0.0.0/0,::/0',
                 'encap' => !empty($ph1ent['nat_traversal']) && $ph1ent['nat_traversal'] == 'force' ? 'yes' : 'no',
             ];
             if (!isset($ph1ent['reauth_enable']) && !empty($ph1ent['lifetime']) && !empty($ph1ent['margintime'])) {