This is not the correct fix.  Try this /etc/inc/vpn.inc.

http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/vpn.inc?rev=1.69;content-type=text%2Fplain

On 8/12/05, M. Kohn <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> small hint about IPSec bug (I hope...):
> (pfSense 0.75)
> 
> The function filter_rules_generate() in
> /etc/inc/filter.inc rules will try to set
> the rules for IPSec:
> 
> Line 2093 in /etc/inc/filter.inc:
> ---
>         if(is_array($config['ipsec']['tunnel'])) {
>                 foreach ($config['ipsec']['tunnel'] as $tunnel) {
>                         $remote_gateway = $tunnel['remote-gateway'];
> ---
> 
> Normally no problem, but there is an "empty" tunnel definition
> in $config['ipsec']['tunnel'], but I don't know why...
> 
> So I added the following patch as a workaround, checking if
> $tunnel['remote-gateway'] is empty:
> 
> (see attached filter.diff)
> 
> 
> PS: Should I better use CVSTRAC for such things?
> 
> 
> --- filter.inc.org      Fri Aug 12 12:56:44 2005
> +++ filter.inc  Fri Aug 12 16:11:20 2005
> @@ -2091,6 +2091,7 @@
>         }
>         if(is_array($config['ipsec']['tunnel'])) {
>                 foreach ($config['ipsec']['tunnel'] as $tunnel) {
> +                       if (!empty($tunnel['remote-gateway'])) {
>                         $remote_gateway = $tunnel['remote-gateway'];
>                         $local_subnet = 
> return_vpn_subnet($tunnel['local-subnet']);
>                         $ipfrules .= "pass quick on " . $wanif . " proto udp 
> from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label 
> \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
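Review bot: The added `if (!empty($tunnel['remote-gateway'])) {` line only hides the empty tunnel entry from this loop; it does not explain how that entry got into $config['ipsec']['tunnel'], which the message itself leaves open. If a check stays here, an early `if (empty($tunnel['remote-gateway'])) continue;` at the top of the foreach would avoid wrapping the whole body, which this hunk leaves at its old indentation under the new `if`. The guard also tests only remote-gateway, while `$tunnel['local-subnet']` is still passed to return_vpn_subnet() unchecked.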
> @@ -2104,6 +2105,7 @@
> 
>                         $ipfrules .= "pass quick on " . $lanif . " from " . 
> $tunnel['remote-subnet'] . " to " . $local_subnet . " keep state label 
> \"IPSEC:  " . $tunnel['descr'] ."\"\n";
>                         $ipfrules .= "pass quick on " . $lanif . " from " . 
> $local_subnet . " to " . $tunnel['remote-subnet'] . " keep state label 
> \"IPSEC:  " . $tunnel['descr'] ."\"\n";
> +                       }
>                 }
>         }
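Review bot: The closing `}` added after the two LAN rules ends a guard that tests only remote-gateway, yet these lines concatenate `$tunnel['remote-subnet']` and `$tunnel['descr']` directly into the rule text. A tunnel with a gateway but an empty remote-subnet would still produce a malformed `from  to` rule, and a description containing a double quote would end the label early and corrupt the line. Consider validating those fields in the same check and escaping descr before it is placed inside the quoted label.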
> 
> 
> 
> 
