IPSec: add lefthostaccess=yes to enable access to the gw itself.
authorArne Fitzenreiter <arne_f@ipfire.org>
Wed, 19 May 2010 17:47:48 +0000 (19:47 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Wed, 19 May 2010 17:47:48 +0000 (19:47 +0200)
config/rootfiles/core/38/update.sh
html/cgi-bin/vpnmain.cgi

index 68c892d..9a95149 100644 (file)
@@ -181,12 +181,13 @@ cat /var/ipfire/vpn/ipsec.conf.org | \
 grep -v "disablearrivalcheck=" | \
 grep -v "klipsdebug=" | \
 grep -v "leftfirewall=" | \
+grep -v "lefthostaccess=" | \
 grep -v "charonstart=" | \
 grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf
 sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf
-sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes\n\tlefthostaccess=yes|g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf
 chown nobody:nobody /var/ipfire/vpn/ipsec.conf
 chmod 644 /var/ipfire/vpn/ipsec.conf
index 28ac30e..85bb713 100644 (file)
@@ -316,6 +316,7 @@ sub writeipsecfiles {
        print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
        print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
        print CONF "\tleftfirewall=yes\n";
+       print CONF "\tlefthostaccess=yes\n";
 
        print CONF "\tright=$lconfighash{$key}[10]\n";
        if ($lconfighash{$key}[3] eq 'net') {