--- etc/inc/vpn.inc	Sun May 16 07:09:58 2004
+++ etc/inc/vpn.inc	Sat May 22 11:39:20 2004
@@ -107,6 +107,11 @@
 						continue;
 					
 					vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn);
+					if ((!$nocryptlocal) && (isset($ipseccfg['nocryptlocal']))) {   
+						$spdconf .= "spdadd {$sa}/{$sn} {$sa}/{$sn} any -P in none;\n";   
+						$spdconf .= "spdadd {$sa}/{$sn} {$sa}/{$sn} any -P out none;\n";   
+						$nocryptlocal++;
+					}
 					
 					$spdconf .= "spdadd {$sa}/{$sn} " . 
 						"{$tunnel['remote-subnet']} any -P out ipsec " . 
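Review bot: The `$nocryptlocal` counter in the added guard limits the bypass policies to the first tunnel that reaches this point, yet `$sa`/`$sn` are recomputed per tunnel by `vpn_localnet_determine()`. A later tunnel with a different local subnet therefore gets no `-P in none` / `-P out none` pair, and the option silently covers only part of the configuration. Keying the guard on the subnet avoids both duplicate `spdadd` lines and missed subnets: `if (isset($ipseccfg['nocryptlocal']) && !isset($lanbypass["{$sa}/{$sn}"])) {` with `$lanbypass["{$sa}/{$sn}"] = true;` in place of the increment. The enclosing loop starts outside this hunk, so whether `$nocryptlocal` is initialised before it cannot be seen here; if it is not, it should be. A short comment that these entries exempt same-subnet traffic from IPsec processing would also help anyone auditing the generated policy.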
--- usr/local/www/vpn_ipsec.php	Sun May 16 07:09:57 2004
+++ usr/local/www/vpn_ipsec.php	Sat May 22 11:42:51 2004
@@ -38,6 +38,7 @@
 $wancfg = &$config['interfaces']['wan'];
 
 $pconfig['enable'] = isset($config['ipsec']['enable']);
+$pconfig['nocryptlocal'] = isset($config['ipsec']['nocryptlocal']);
 
 if ($_POST) {
 
@@ -54,6 +55,7 @@
 		$pconfig = $_POST;
 		
 		$config['ipsec']['enable'] = $_POST['enable'] ? true : false;
+		$config['ipsec']['nocryptlocal'] = $_POST['nocryptlocal'] ? true : false;
 		
 		write_config();
 	
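Review bot: Clearing the checkbox stores `false` under `$config['ipsec']['nocryptlocal']`, but both readers test the key with `isset()`, which is true for a key holding `false`. Those readers are the new `$pconfig['nocryptlocal']` line in the `-38` hunk of this file and the new guard in etc/inc/vpn.inc. Unless `write_config()` drops false values and the configuration is re-read before the policies are regenerated (neither is visible here), the bypass policies would still be emitted after the option is turned off. Removing the key is unambiguous: `if ($_POST['nocryptlocal']) $config['ipsec']['nocryptlocal'] = true; else unset($config['ipsec']['nocryptlocal']);`. The surrounding `if` block begins and ends outside this hunk.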
@@ -114,6 +116,13 @@
                       <strong>Enable IPsec<br>
                       </strong></p></td>
                 </tr>
+		<tr>
+		  <td class="vtable"><p><span class="vexpl"> </span>
+		      <input name="nocryptlocal" type="checkbox" id="nocryptlocal" value="yes" <?php if ($pconfig['nocryptlocal'] == "yes") echo "checked";?>>
+                      <strong>Ensure LAN traffic is not encrypted<br>
+                      </strong>Turning this option on will add policies that ensure that your LAN traffic doesn't get encrypted.  Most people can leave this off.  If you loose connectivity to the m0n0wall itself after bringing up your tunnels, turn this option on.</p></td>
+
+		</tr>
                 <tr> 
                   <td> <input name="submit" type="submit" class="formbtn" value="Save"> 
                   </td>
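Review bot: The checked-state test on the new `<input>` compares `$pconfig['nocryptlocal']` with `"yes"`, but on a plain page load that value is the boolean from `isset()`, so the box is only ticked because `==` coerces `"yes"` to true. `<?php if ($pconfig['nocryptlocal']) echo "checked";?>` states the intent for both the boolean and the posted-string case. The help text should also say exactly what is exempted, namely traffic whose source and destination are both in the LAN subnet, so an administrator does not read it as disabling encryption for tunnelled traffic. "loose connectivity" should read "lose connectivity".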
