Scott, when you say try this, do you mean to copy yours, overwriting what is there now? I seem to be having the same issues with syntax errors and just wanted to make sure I am reading you right :)

Thanks,
Mike

-----Original Message-----
From: M. Kohn [mailto:[EMAIL PROTECTED]
Sent: Friday, August 12, 2005 1:22 PM
To: [email protected]
Subject: Re: [pfSense Support] Alert about pf rules syntax errors... again...

Hmmmmm.... don't work....
Seems to be something different.

If I check $tunnel is "Array" in /etc/inc/filter.inc
---
if(is_array($config['ipsec']['tunnel'])) {
    foreach ($config['ipsec']['tunnel'] as $tunnel) {
        if (is_array($tunnel)) {
            $remote_gateway = $tunnel['remote-gateway'];
            $local_subnet = return_vpn_subnet($tunnel['local-subnet']);
            $ipfrules .= "pass quick on " . $wanif . " proto udp ..........
---
it works...

My PHP is not sooooo well - so I don't understand why $tunnel is not an array first time....

Scott Ullrich wrote:
> This is not the correct fix. Try this /etc/inc/vpn.inc.
>
> http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/vpn.inc?rev=1.69;content-type=text%2Fplain
>
> On 8/12/05, M. Kohn <[EMAIL PROTECTED]> wrote:
>
>>Hi,
>>
>>small hint about IPSec bug (I hope...):
>>(pfSense 0.75)
>>
>>The function filter_rules_generate() in
>>/etc/inc/filter.inc rules will try to set
>>the rules for IPSec:
>>
>>Line 2093 in /etc/inc/filter.inc:
>>---
>> if(is_array($config['ipsec']['tunnel'])) {
>>     foreach ($config['ipsec']['tunnel'] as $tunnel) {
>>         $remote_gateway = $tunnel['remote-gateway'];
>>---
>>
>>Normally no problem, but there is an "empty" tunnel definition
>>in $config['ipsec']['tunnel'], but I don't know why...
>>
>>So I added the following patch as a workaround, checking if
>>$tunnel['remote-gateway'] is empty:
>>
>>(see attached filter.diff)
>>
>>
>>PS: Should I better use CVSTRAC for such things?
>>
>>
>>--- filter.inc.org Fri Aug 12 12:56:44 2005 >>+++ filter.inc Fri Aug 12 16:11:20 2005 
>>@@ -2091,6 +2091,7 @@ >> } >> if(is_array($config['ipsec']['tunnel'])) { >> foreach ($config['ipsec']['tunnel'] as $tunnel) { >>+ if (!empty($tunnel['remote-gateway'])) { >> $remote_gateway = $tunnel['remote-gateway']; >> $local_subnet = return_vpn_subnet($tunnel['local-subnet']); >> $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n"; >>@@ -2104,6 +2105,7 @@ >> >> $ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['remote-subnet'] . " to " . $local_subnet . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n"; >> $ipfrules .= "pass quick on " . $lanif . " from " . $local_subnet . " to " . $tunnel['remote-subnet'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n"; >>+ } >> } >> } >> >> >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED]
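
Review bot: the guard added in the first hunk, `if (!empty($tunnel['remote-gateway']))`, tests a single key and silently skips the entry, so whatever is putting an "empty" tunnel definition into `$config['ipsec']['tunnel']` stays hidden while the ruleset simply loses that tunnel's rules. Test `is_array($tunnel)` before indexing it, check `$tunnel['local-subnet']` as well since it is passed to `return_vpn_subnet()` on the next line, and log the skipped entry so the malformed config is visible rather than papered over.

Review bot: the two LAN `pass quick` rules in the second hunk write `$tunnel['remote-subnet']` and `$tunnel['descr']` straight into the pf rule text, and the block closed by the added `}` only guarantees that `remote-gateway` is non-empty. An entry with a gateway but no remote subnet would still produce a malformed `from ... to ...` rule and the same syntax-error alert, and a double quote inside `descr` would end the `label` string early. Require `remote-subnet` in the same condition and escape or restrict `descr` before it is concatenated; the body between the new braces also wants re-indenting.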
