IPsec: NAT before IPsec, try to work around a currently known limitation. ref https://github.com/opnsense/core/issues/1773

This commit is contained in:
Ad Schellevis 2019-07-19 09:12:51 +02:00
parent b7f160e0a2
commit 30a55363ae


@ -667,7 +667,15 @@ function ipsec_configure_spd()
foreach ($config['ipsec']['phase1'] as $ph1ent) {
foreach ($config['ipsec']['phase2'] as $ph2ent) {
if (!isset($ph2ent['disabled']) && $ph1ent['ikeid'] == $ph2ent['ikeid'] && !empty($ph2ent['spd'])) {
$myid_data = ipsec_find_id($ph1ent, "local");
$myid_data = ipsec_get_phase1_src($ph1ent);
// XXX: remove me, temporary logging to validate https://github.com/opnsense/core/issues/1773
$myid_data_prev = ipsec_find_id($ph1ent, "local");
if ($myid_data_prev != $myid_data) {
log_error(sprintf(
"spdadd: using %s in source policy, local id set to %s", $myid_data, $myid_data_prev
));
}
$peerid_spec = ipsec_find_id($ph1ent, "peer");
if (!is_ipaddr($peerid_spec)) {
if (is_ipaddr($ph1ent['remote-gateway'])) {
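Review bot: The new diagnostic compares the two identities with a loose `!=`, so the log line that is meant to validate the workaround can stay silent when the helpers return values that are merely loosely equal (an empty string versus `false`/`null`, for instance); `if ($myid_data_prev !== $myid_data) {` gives the exact signal the comparison is there for. Separately, `$myid_data` now comes from `ipsec_get_phase1_src($ph1ent)` and feeds the source side of the SPD entry without any check that a usable address came back; if that helper can return an empty value (its contract is outside this hunk, so this is inferred), the policy built below would be derived from an empty source, and a guard such as `if (empty($myid_data)) { log_error("spdadd: no phase1 source for ikeid " . $ph1ent['ikeid']); continue; }` placed before the logging block would fail closed instead. The `XXX: remove me` marker already cites the issue, which is good; consider also naming the condition under which it can be removed. The enclosing ipsec_configure_spd() body continues outside the hunk.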