From 67addc6577939aab2bfde3e75b4ea1fd0713c41d Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 20 Jul 2023 16:25:47 +0200
Subject: [PATCH] VPN: IPsec: Advanced Settings - passthrough networks should be added when specified to prevent overlapping "Connections" missing them when no legacy tunnels are used.
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index cf2b1b577..2de44393c 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1319,21 +1319,21 @@ function ipsec_configure_do($verbose = false, $interface = '')
 $swanctl = (new \OPNsense\IPsec\Swanctl())->getConfig();
 $swanctl['secrets'] = ipsec_write_secrets();
+ if (!empty($config['ipsec']['passthrough_networks'])) {
+ $swanctl['connections']['pass'] = [
+ 'remote_addrs' => '127.0.0.1',
+ 'unique' => 'replace',
+ 'children' => [
+ 'pass' => [
+ 'local_ts' => $config['ipsec']['passthrough_networks'],
+ 'remote_ts' => $config['ipsec']['passthrough_networks'],
+ 'mode' => 'pass',
+ 'start_action' => 'route'
+ ]
+ ]
+ ];
+ }
 if (count($a_phase1)) {
- if (!empty($config['ipsec']['passthrough_networks'])) {
- $swanctl['connections']['pass'] = [
- 'remote_addrs' => '127.0.0.1',
- 'unique' => 'replace',
- 'children' => [
- 'pass' => [
- 'local_ts' => $config['ipsec']['passthrough_networks'],
- 'remote_ts' => $config['ipsec']['passthrough_networks'],
- 'mode' => 'pass',
- 'start_action' => 'route'
- ]
- ]
- ];
- }
 foreach ($a_phase1 as $ph1ent) {
 if (isset($ph1ent['disabled'])) {