diff options
| author | Ermal <eri@pfsense.org> | 2014-09-12 19:40:33 +0200 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-09-12 19:40:33 +0200 |
| commit | 3b9ef0ef3986b492cd8d4288b31ecfb58ea54afa (patch) | |
| tree | f8a6cb0a84309670b467f878f1288704894f0ed0 | |
| parent | 16c0272244e10b3b0c847eb6efc4bf611b4e4667 (diff) | |
| download | pfsense-3b9ef0ef3986b492cd8d4288b31ecfb58ea54afa.zip pfsense-3b9ef0ef3986b492cd8d4288b31ecfb58ea54afa.tar.gz | |
Inverse the sense of the toggles to avoid configuration upgrades
| -rw-r--r-- | etc/inc/vpn.inc | 8 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 10 |
2 files changed, 8 insertions, 10 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index cd07f34..dd70c6a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -616,13 +616,13 @@ EOD; $left_spec = $ep; if (isset($ph1ent['reauth_enable'])) - $reauth = "reauth = yes"; - else $reauth = "reauth = no"; - if (isset($ph1ent['rekey_enable'])) - $rekey = "rekey = yes"; else + $reauth = "reauth = yes"; + if (isset($ph1ent['rekey_enable'])) $rekey = "rekey = no"; + else + $rekey = "rekey = yes"; $ipseclifetime = 0; $rightsubnet_spec = array(); diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index ed941d6..21d6699 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -107,9 +107,9 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['descr'] = $a_phase1[$p1index]['descr']; $pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal']; - if (isset($a_phase1[$p1index]['reauth_enable'])) + if (!isset($a_phase1[$p1index]['reauth_enable'])) $pconfig['reauth_enable'] = true; - if (isset($a_phase1[$p1index]['rekey_enable'])) + if (!isset($a_phase1[$p1index]['rekey_enable'])) $pconfig['rekey_enable'] = true; if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) { @@ -133,8 +133,6 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['lifetime'] = "28800"; $pconfig['nat_traversal'] = "on"; $pconfig['dpd_enable'] = true; - $pconfig['rekey_enable'] = true; - $pconfig['reauth_enable'] = true; $pconfig['iketype'] = "ikev1"; /* mobile client */ @@ -845,14 +843,14 @@ function dpdchkbox_change() { <td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Rekey");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Disable Rekey");?></td> <td width="78%" class="vtable"> <input name="rekey_enable" type="checkbox" id="rekey_enable" value="yes" <?php if (isset($pconfig['rekey_enable'])) echo "checked=\"checked\""; ?> /> <?=gettext("Whether a connection should be renegotiated when it is about to expire."); ?><br /> </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Reauth");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Disable Reauth");?></td> <td width="78%" class="vtable"> <input name="reauth_enable" type="checkbox" id="reauth_enable" value="yes" <?php if (isset($pconfig['reauth_enable'])) echo "checked=\"checked\""; ?> /> <?=gettext("whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always don.."); ?><br /> |
