VPN: IPsec: Tunnel Settings - "Allow any remote gateway to connect" should suffix all in order to connect to the other end. closes https://github.com/opnsense/core/issues/6396

Ad Schellevis 2023-03-07 19:55:03 +01:00
parent dc9e22331e
commit 3af487bcf6


@ -1339,9 +1339,16 @@ function ipsec_configure_do($verbose = false, $interface = '')
'remote-0' => [
'id' => ipsec_find_id($ph1ent, "peer") ?? '%any'
],
'remote_addrs' => !isset($ph1ent['mobile']) && empty($ph1ent['rightallowany']) ? $ph1ent['remote-gateway'] : '0.0.0.0/0,::/0',
'encap' => !empty($ph1ent['nat_traversal']) && $ph1ent['nat_traversal'] == 'force' ? 'yes' : 'no',
];
if (!isset($ph1ent['mobile'])) {
$connection['remote_addrs'] = $ph1ent['remote-gateway'];
if (!empty($ph1ent['rightallowany'])) {
$connection['remote_addrs'] .= ',0.0.0.0/0,::/0';
}
} else {
$connection['remote_addrs'] = '%any'; // default
}
if (!isset($ph1ent['reauth_enable']) && !empty($ph1ent['lifetime']) && !empty($ph1ent['margintime'])) {
// XXX: should probably move to a gui setting for reauth_time and deprecate "Disable Reauth"
$connection['reauth_time'] = ($ph1ent['lifetime'] - $ph1ent['margintime']) . ' s';
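Review bot: The allow-any branch (`$connection['remote_addrs'] .= ',0.0.0.0/0,::/0';`) makes the remote identity and credentials the only thing that restricts which peer can match this connection, and nothing in the hunk says so or checks it. Just above, `'id' => ipsec_find_id($ph1ent, "peer") ?? '%any'` can fall back to `%any`, so with allow-any enabled a tunnel could end up accepting any address under any identity; a comment such as `// allow-any: source address no longer restricts the peer, remote id and credentials are the only gate` would make that explicit, and logging a warning when the id resolves to `%any` here looks worthwhile. The concatenation also assumes `remote-gateway` is non-empty; if it can be empty the value would start with a comma, so an `if (!empty($ph1ent['remote-gateway']))` guard around the assignment may be needed (not verifiable from this hunk). `ipsec_configure_do()` starts and ends outside the hunk.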