VPN: IPsec: Advanced Settings - passthrough networks should be added when specified to prevent overlapping "Connections" missing them when no legacy tunnels are used.

2026-03-13 16:14:40 +00:00 · 2023-07-20 16:25:47 +02:00 · 2023-07-20 16:25:47 +02:00 · 67addc6577
commit 67addc6577
parent 4c6e3a1e08
1 changed files with 14 additions and 14 deletions
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@ -1319,21 +1319,21 @@ function ipsec_configure_do($verbose = false, $interface = '')
    $swanctl = (new \OPNsense\IPsec\Swanctl())->getConfig();
    $swanctl['secrets'] = ipsec_write_secrets();

+    if (!empty($config['ipsec']['passthrough_networks'])) {
+        $swanctl['connections']['pass'] = [
+            'remote_addrs' => '127.0.0.1',
+            'unique' => 'replace',
+            'children' => [
+                'pass' => [
+                        'local_ts' => $config['ipsec']['passthrough_networks'],
+                        'remote_ts' => $config['ipsec']['passthrough_networks'],
+                        'mode' => 'pass',
+                        'start_action' => 'route'
+                    ]
+            ]
+        ];
+    }
    if (count($a_phase1)) {
-        if (!empty($config['ipsec']['passthrough_networks'])) {
-            $swanctl['connections']['pass'] = [
-                'remote_addrs' => '127.0.0.1',
-                'unique' => 'replace',
-                'children' => [
-                    'pass' => [
-                          'local_ts' => $config['ipsec']['passthrough_networks'],
-                          'remote_ts' => $config['ipsec']['passthrough_networks'],
-                          'mode' => 'pass',
-                          'start_action' => 'route'
-                      ]
-                ]
-            ];
-        }

        foreach ($a_phase1 as $ph1ent) {
            if (isset($ph1ent['disabled'])) {