I just tested the latest vpn.inc with my home firewall that has 4+ ipsec links and it works fine. I'll be releasing a new version soon. Please be on the lookout for it and give it a try.

Scott

On 8/12/05, Mike Sr <[EMAIL PROTECTED]> wrote:
> Scott, when you say try this, do you mean to copy yours, overwriting what
> is there now? I seem to be having the same issues with syntax errors and
> just wanted to make sure I am reading you right :)
>
> Thanks,
> Mike
>
> -----Original Message-----
> From: M. Kohn [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 12, 2005 1:22 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Alert about pf rules syntax errors...
> again...
>
> Hmmmmm.... don't work....
>
> Seems to be something different.
>
>
> If I check $tunnel is "Array" in /etc/inc/filter.inc
>
> ---
> if(is_array($config['ipsec']['tunnel'])) {
>     foreach ($config['ipsec']['tunnel'] as $tunnel) {
>         if (is_array($tunnel)) {
>             $remote_gateway = $tunnel['remote-gateway'];
>             $local_subnet = return_vpn_subnet($tunnel['local-subnet']);
>             $ipfrules .= "pass quick on " . $wanif . " proto udp
> ..........
> ---
>
> it works...
>
>
> My php is not sooooo good - so I don't understand why
> $tunnel is not an array the first time....
>
>
> Scott Ullrich wrote:
> > This is not the correct fix. Try this /etc/inc/vpn.inc.
> >
> > http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/vpn.inc?rev=1.69;content-type=text%2Fplain
> >
> > On 8/12/05, M. Kohn <[EMAIL PROTECTED]> wrote:
> >
> >>Hi,
> >>
> >>small hint about IPSec bug (I hope...):
> >>(pfSense 0.75)
> >>
> >>The function filter_rules_generate() in
> >>/etc/inc/filter.inc rules will try to set
> >>the rules for IPSec:
> >>
> >>Line 2093 in /etc/inc/filter.inc:
> >>---
> >>    if(is_array($config['ipsec']['tunnel'])) {
> >>        foreach ($config['ipsec']['tunnel'] as $tunnel) {
> >>            $remote_gateway = $tunnel['remote-gateway'];
> >>---
> >>
> >>Normally no problem, but there is an "empty" tunnel definition
> >>in $config['ipsec']['tunnel'], but I don't know why...
> >>
> >>So I added the following patch as a workaround, checking if
> >>$tunnel['remote-gateway'] is empty:
> >>
> >>(see attached filter.diff)
> >>
> >>
> >>PS: Should I better use CVSTRAC for such things?
> >>
> >>
> >>--- filter.inc.org Fri Aug 12 12:56:44 2005 > >>+++ filter.inc Fri Aug 12 16:11:20 2005 
> >>@@ -2091,6 +2091,7 @@ > >> } > >> if(is_array($config['ipsec']['tunnel'])) { > >> foreach ($config['ipsec']['tunnel'] as $tunnel) { > >>+ if (!empty($tunnel['remote-gateway'])) { > >> $remote_gateway = $tunnel['remote-gateway']; > >> $local_subnet = > return_vpn_subnet($tunnel['local-subnet']); > >> $ipfrules .= "pass quick on " . $wanif . " > proto udp from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 > keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n"; > >>@@ -2104,6 +2105,7 @@ > >> > >> $ipfrules .= "pass quick on " . $lanif . " > from " . $tunnel['remote-subnet'] . " to " . $local_subnet . " keep > state label \"IPSEC: " . $tunnel['descr'] ."\"\n"; > >> $ipfrules .= "pass quick on " . $lanif . " > from " . $local_subnet . " to " . $tunnel['remote-subnet'] . " keep > state label \"IPSEC: " . $tunnel['descr'] ."\"\n"; > >>+ } > >> } > >> } > >> > >> > >> > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
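
Review bot: the guard added in the first hunk, `if (!empty($tunnel['remote-gateway'])) {`, silently skips the malformed entry, so the reason an "empty" tunnel definition ends up in $config['ipsec']['tunnel'] stays hidden and nothing tells the administrator that a tunnel produced no rules. It also tests a single key without first confirming that $tunnel is an array, which is the condition the follow-up message in this thread found to matter. I would check `is_array($tunnel)` together with the required keys, log or report the skipped entry, and re-indent the enclosed statements so the new block is visible when reading the function.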
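
Review bot: the two `pass quick on " . $lanif . "` lines that the second hunk's closing brace now encloses still interpolate $tunnel['remote-subnet'] and $tunnel['descr'] unchecked, since the new condition covers only 'remote-gateway'. An entry with a gateway but an empty 'remote-subnet' would still emit a rule with nothing after `from`, and a 'descr' containing a double quote would end the `label \"IPSEC: ...\"` string early, which gives the same class of pf syntax error this thread is about. Validate every field that is written into the rule before appending to $ipfrules, and strip or reject quotes and newlines in 'descr'.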