diff options
author | Chris Buechler <cmb@pfsense.org> | 2011-05-06 22:51:52 -0400 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2011-05-06 22:51:52 -0400 |
commit | 9c04a8c0799335774db5bb163bd59ff510c04e12 (patch) | |
tree | 4da3dbe0b69e81841c108f2179cc14078313e20f | |
parent | 5b06d9ccee67a8388ed2a215acf61e30620f45d7 (diff) | |
download | pfsense-9c04a8c0799335774db5bb163bd59ff510c04e12.zip pfsense-9c04a8c0799335774db5bb163bd59ff510c04e12.tar.gz |
passive should always be on for mobile clients per racoon man page
-rw-r--r-- | etc/inc/vpn.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 4dc9c6b..b414d4a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -485,9 +485,9 @@ function vpn_ipsec_configure($ipchg = false) $passive = ""; if (isset($ph1ent['mobile'])) { $rgip = "anonymous"; + $passive = "passive on;"; /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */ if ($ph1ent['authentication_method'] == "pre_shared_key") { - $passive = "passive on;"; $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey"; $genp = "on"; } else { |