authorSeth Mos <seth.mos@xs4all.nl>2008-01-14 21:34:17 +0000
committerSeth Mos <seth.mos@xs4all.nl>2008-01-14 21:34:17 +0000
commiteea540381999f7af8c721e79ea56278461d2f91c (patch)
treee8d32049163c38ad0574a26dddf177c69fc3718a
parentcb90b744c2841f6f2ab0dcec6bf516422db332cf (diff)
Make 3 passes at loading the SPD entries as this will fail on large configurations > 250 tunnels.
Tested by smos@ 399 tunnels, 239 active, ok by sullrich@
-rw-r--r--etc/inc/vpn.inc58
1 files changed, 31 insertions, 27 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 2a6ecf0..11c1b03 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -608,39 +608,43 @@ EOD;
if(is_process_running("racoon")) {
+ /* flush SPD entries */
+ mwexec("/sbin/setkey -FP");
+ $i = 0;
+ while($i < 2) {
+ /* load SPD */
+ mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c");
+ $i++;
+ }
/* We are already online, reload */
mwexec("/usr/bin/killall -HUP racoon");
- // sleep(2);
- /* flushie, flushie spds */
+ } else {
+ /* flush SA + SPD entries*/
mwexec("/sbin/setkey -FP");
mwexec("/sbin/setkey -F");
- /* load SPD */
- mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c");
- sleep(1);
- } else {
+ $i = 0;
+ while($i < 2) {
+ /* load SPD */
+ mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c");
+ $i++;
+ }
/* start racoon */
mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf");
- /* sleep for a bit */
- // sleep (2);
- /* flushie, flushie spds */
- mwexec("/sbin/setkey -FP");
- mwexec("/sbin/setkey -F");
- /* load SPD */
- mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c");
- sleep(1);
- /* start dnswatch, if necessary */
- if (count($dnswatch_list) > 0) {
- $interval = 60;
- if ($ipseccfg['dns-interval'])
- $interval = $ipseccfg['dns-interval'];
-
- $hostnames = "";
- foreach ($dnswatch_list as $dns)
- $hostnames .= " " . escapeshellarg($dns);
+
+ /* start dnswatch, if necessary */
+ if (count($dnswatch_list) > 0) {
+ $interval = 60;
+ if ($ipseccfg['dns-interval'])
+ $interval = $ipseccfg['dns-interval'];
- mwexec("/usr/local/bin/dnswatch {$g['varrun_path']}/dnswatch-ipsec.pid $interval " .
- escapeshellarg("/etc/rc.newipsecdns") . $hostnames);
- }
+ $hostnames = "";
+ foreach ($dnswatch_list as $dns) {
+ $hostnames .= " " . escapeshellarg($dns);
+
+ mwexec("/usr/local/bin/dnswatch {$g['varrun_path']}/dnswatch-ipsec.pid $interval " .
+ escapeshellarg("/etc/rc.newipsecdns") . $hostnames);
+ }
+ }
}
if (is_array($ipseccfg['tunnel'])) {
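Review bot: The `mwexec("/usr/local/bin/dnswatch ...")` call now sits inside the body of `foreach ($dnswatch_list as $dns) {`, so dnswatch is started once per hostname, each time with a partial host list and the same `dnswatch-ipsec.pid` file; the loop should close before the call, e.g. `foreach ($dnswatch_list as $dns) $hostnames .= " " . escapeshellarg($dns);` followed by a single `mwexec(...)`. In the same command line `$interval` comes from `$ipseccfg['dns-interval']` and is interpolated unescaped while the hostnames go through `escapeshellarg()`; `$interval = (int)$ipseccfg['dns-interval'];` would keep that argument numeric. Both `while($i < 2)` loops make two passes where the commit message says three, and neither looks at what `mwexec` returns, so an SPD load that is still incomplete after the last pass goes unnoticed and presumably leaves some tunnels without a policy; logging a non-zero result from the `setkey -c` pipeline would make that visible. The enclosing function starts and ends outside the hunk.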
@@ -1347,4 +1351,4 @@ function vpn_ipsec_force_reload() {
}
-?> \ No newline at end of file
+?>