This is not the correct fix. Try this /etc/inc/vpn.inc. http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/vpn.inc?rev=1.69;content-type=text%2Fplain
On 8/12/05, M. Kohn <[EMAIL PROTECTED]> wrote: > Hi, > > small hint abut IPSec bug (I hope...): > (pfSense 0.75) > > The function filter_rules_generate() in > /etc/inc/filter.inc rules will try to set > the rules for IPSec: > > Line 2093 in /etc/inc/filter.inc: > --- > if(is_array($config['ipsec']['tunnel'])) { > foreach ($config['ipsec']['tunnel'] as $tunnel) { > $remote_gateway = $tunnel['remote-gateway']; > --- > > Normally no problem, but there is an "empty" tunnel definition > in $config['ipsec']['tunnel'], but I don't know why... > > So I added the following patch as a workaround, checking if > $tunnel['remote-gateway'] is empty: > > (see attached filter.diff) > > > PS: Should I better use CVSTRAC for such things? > > > --- filter.inc.org Fri Aug 12 12:56:44 2005 > +++ filter.inc Fri Aug 12 16:11:20 2005 > @@ -2091,6 +2091,7 @@ > } > if(is_array($config['ipsec']['tunnel'])) { > foreach ($config['ipsec']['tunnel'] as $tunnel) { > + if (!empty($tunnel['remote-gateway'])) { > $remote_gateway = $tunnel['remote-gateway']; > $local_subnet = > return_vpn_subnet($tunnel['local-subnet']); > $ipfrules .= "pass quick on " . $wanif . " proto udp > from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label > \"IPSEC: ". $tunnel['descr'] ." udp\"\n"; > @@ -2104,6 +2105,7 @@ > > $ipfrules .= "pass quick on " . $lanif . " from " . > $tunnel['remote-subnet'] . " to " . $local_subnet . " keep state label > \"IPSEC: " . $tunnel['descr'] ."\"\n"; > $ipfrules .= "pass quick on " . $lanif . " from " . > $local_subnet . " to " . $tunnel['remote-subnet'] . " keep state label > \"IPSEC: " . $tunnel['descr'] ."\"\n"; > + } > } > } > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]