Hmmmmm.... don't work....
Seems to be something different.
If I check $tunnel is "Array" in /etc/inc/filter.inc
---
if(is_array($config['ipsec']['tunnel'])) {
foreach ($config['ipsec']['tunnel'] as $tunnel) {
if (is_array($tunnel)) {
$remote_gateway = $tunnel['remote-gateway'];
$local_subnet = return_vpn_subnet($tunnel['local-subnet']);
$ipfrules .= "pass quick on " . $wanif . " proto udp ..........
---
it works...
My php ist not sooooo well - so I don't understand, why
$tunnel is not an array first time....
Scott Ullrich schrieb:
> This is not the correct fix. Try this /etc/inc/vpn.inc.
>
> http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/vpn.inc?rev=1.69;content-type=text%2Fplain
>
> On 8/12/05, M. Kohn <[EMAIL PROTECTED]> wrote:
>
>>Hi,
>>
>>small hint abut IPSec bug (I hope...):
>>(pfSense 0.75)
>>
>>The function filter_rules_generate() in
>>/etc/inc/filter.inc rules will try to set
>>the rules for IPSec:
>>
>>Line 2093 in /etc/inc/filter.inc:
>>---
>> if(is_array($config['ipsec']['tunnel'])) {
>> foreach ($config['ipsec']['tunnel'] as $tunnel) {
>> $remote_gateway = $tunnel['remote-gateway'];
>>---
>>
>>Normally no problem, but there is an "empty" tunnel definition
>>in $config['ipsec']['tunnel'], but I don't know why...
>>
>>So I added the following patch as a workaround, checking if
>>$tunnel['remote-gateway'] is empty:
>>
>>(see attached filter.diff)
>>
>>
>>PS: Should I better use CVSTRAC for such things?
>>
>>
>>--- filter.inc.org Fri Aug 12 12:56:44 2005
>>+++ filter.inc Fri Aug 12 16:11:20 2005
>>@@ -2091,6 +2091,7 @@
>> }
>> if(is_array($config['ipsec']['tunnel'])) {
>> foreach ($config['ipsec']['tunnel'] as $tunnel) {
>>+ if (!empty($tunnel['remote-gateway'])) {
>> $remote_gateway = $tunnel['remote-gateway'];
>> $local_subnet =
>> return_vpn_subnet($tunnel['local-subnet']);
>> $ipfrules .= "pass quick on " . $wanif . " proto udp
>> from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state
>> label \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
>>@@ -2104,6 +2105,7 @@
>>
>> $ipfrules .= "pass quick on " . $lanif . " from " .
>> $tunnel['remote-subnet'] . " to " . $local_subnet . " keep state label
>> \"IPSEC: " . $tunnel['descr'] ."\"\n";
>> $ipfrules .= "pass quick on " . $lanif . " from " .
>> $local_subnet . " to " . $tunnel['remote-subnet'] . " keep state label
>> \"IPSEC: " . $tunnel['descr'] ."\"\n";
>>+ }
>> }
>> }
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
