Revision 53475389
Added by Ermal Luçi over 10 years ago
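--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -590,6 +590,25 @@
 $ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n";
 $ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n";
 
+if (isset($config['ipsec']['shuntlaninterfaces'])) {
+if ($config['interfaces']['lan']) {
+$lanip = get_interface_ip("lan");
+if (!empty($lanip) && is_ipaddrv4($lanip)) {
+$lansn = get_interface_subnet("lan");
+$lansa = gen_subnet($lanip, $lansn);
+$ipsecconf .= <<<EOD
+conn bypasslan
+leftsubnet={$lanip}/32
+rightsubnet={$lansa}/{$lansn}
+authby=never
+type=pass
+auto=route
+
+EOD;
+}
+}
+}
+
 foreach ($a_phase1 as $ph1ent) {
 if (isset($ph1ent['disabled']))
 continue;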
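Review bot: `$lansn` and `$lansa` are interpolated into the `rightsubnet=` line of the `bypasslan` heredoc without any check, while only `$lanip` is validated. If `get_interface_subnet("lan")` or `gen_subnet()` returns an empty value (their behaviour is not visible here), the generated line degrades to `rightsubnet=/`, and a malformed conn section in the generated IPsec configuration may keep the other tunnels from loading. Guarding the heredoc with something like `if (is_numeric($lansn) && is_ipaddrv4($lansa)) {` would avoid emitting a broken policy. Because `type=pass` deliberately exempts matching traffic from IPsec protection, a short comment above the block stating that the exemption is limited to the firewall's own LAN address (`/32`) and the LAN subnet would help later reviewers keep it that narrow. The enclosing function starts and ends outside this section.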
Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent traffic sent to the LAN IP from going into the IPsec tunnel