authorRenato Botelho <garga@FreeBSD.org>2013-04-03 17:44:58 -0300
committerRenato Botelho <garga@FreeBSD.org>2013-04-04 09:06:07 -0300
commitaa752473de6736186ee0ab6355046b6383521091 (patch)
tree97011dde375a7b21b0652d08554a578a796be3f1
parent6c6ca768a0165db69c3a12fcb398c7b0be8925cb (diff)
Only reload racoon when there is at least one tunnel enabled on the interface used to call rc.newwanip(v6). It fixes #2922
-rw-r--r--etc/inc/vpn.inc19
-rwxr-xr-xetc/rc.newwanip4
-rwxr-xr-xetc/rc.newwanipv64
3 files changed, 20 insertions, 7 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 787abd4..d43c069 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -998,12 +998,25 @@ EOD;
* For all other occasions the normal vpn_ipsec_configure()
* will gracefully reload the settings without restarting
*/
-function vpn_ipsec_force_reload() {
- global $config;
- global $g;
+function vpn_ipsec_force_reload($interface = "") {
+ global $g, $config;
$ipseccfg = $config['ipsec'];
+ if (!empty($interface) && is_array($ipseccfg['phase1'])) {
+ $found = false;
+ foreach ($ipseccfg['phase1'] as $ipsec) {
+ if (!isset($ipsec['disabled']) && ($ipsec['interface'] == $interface)) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ log_error(sprintf(gettext("Ignoring IPsec racoon daemon reload since there are no tunnels on interface %s"), $interface));
+ return;
+ }
+ }
+
/* send a SIGKILL to be sure */
killbypid("{$g['varrun_path']}/racoon.pid");
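Review bot: The new guard in vpn_ipsec_force_reload() runs only when `$ipseccfg['phase1']` is an array, so a call that passes an interface while no phase1 entries exist skips the check and still reaches the `killbypid()` below, unless code outside the hunk handles that case. Normalising first, e.g. `$phase1 = is_array($ipseccfg['phase1']) ? $ipseccfg['phase1'] : array();`, and testing `if (!empty($interface))` alone would make the no-tunnel case return early as well. The match is an exact `==` on `$ipsec['interface']`, so if a phase1 entry can name anything other than the plain interface passed in by rc.newwanip(v6) (not visible here), its tunnel would be left without a reload after an address change, with only the log line as evidence; that assumption deserves a comment beside the comparison. The header comment above the function should also state that an empty `$interface` keeps the old unconditional reload. The function body continues past the end of the hunk.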
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index d678927..00c3ac3 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -171,7 +171,7 @@ if (is_ipaddr($oldip) && $curwanip == $oldip) {
* could be failing back in which case we need to switch IPs back anyhow. */
/* reconfigure IPsec tunnels */
- vpn_ipsec_force_reload();
+ vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
@@ -194,7 +194,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */
-vpn_ipsec_force_reload();
+vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
diff --git a/etc/rc.newwanipv6 b/etc/rc.newwanipv6
index 1bd4553..287ea6a 100755
--- a/etc/rc.newwanipv6
+++ b/etc/rc.newwanipv6
@@ -135,7 +135,7 @@ if (is_ipaddrv6($oldipv6)) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
/* reconfigure IPsec tunnels */
- vpn_ipsec_force_reload();
+ vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
openvpn_resync_all($interface);
@@ -154,7 +154,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */
-vpn_ipsec_force_reload();
+vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")