From b2d5dd6d4fedd97e8cdf66a94672ce54430dc9a8 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 19 May 2010 19:47:48 +0200 Subject: [PATCH] IPSec: add lefthostaccess=yes to enable access to the gw itself. --- config/rootfiles/core/38/update.sh | 3 ++- html/cgi-bin/vpnmain.cgi | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/38/update.sh b/config/rootfiles/core/38/update.sh index 68c892d789..9a95149ad6 100644 --- a/config/rootfiles/core/38/update.sh +++ b/config/rootfiles/core/38/update.sh @@ -181,12 +181,13 @@ cat /var/ipfire/vpn/ipsec.conf.org | \ grep -v "disablearrivalcheck=" | \ grep -v "klipsdebug=" | \ grep -v "leftfirewall=" | \ +grep -v "lefthostaccess=" | \ grep -v "charonstart=" | \ grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf -sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf +sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes\n\tlefthostaccess=yes|g" /var/ipfire/vpn/ipsec.conf sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf chown nobody:nobody /var/ipfire/vpn/ipsec.conf chmod 644 /var/ipfire/vpn/ipsec.conf diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 28ac30e8ec..85bb713c32 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -316,6 +316,7 @@ sub writeipsecfiles { print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute'); print CONF "\tleftsubnet=$lconfighash{$key}[8]\n"; print CONF "\tleftfirewall=yes\n"; + print CONF "\tlefthostaccess=yes\n"; print CONF "\tright=$lconfighash{$key}[10]\n"; if ($lconfighash{$key}[3] eq 'net') { -- 2.39.2