authorRenato Botelho <renato@netgate.com>2016-01-20 15:15:11 -0200
committerRenato Botelho <renato@netgate.com>2016-01-20 15:16:49 -0200
commit2a44b0eb13036701d6265bbffc633fa0deb81bfa (patch)
tree8d417bb5d180f53533e2f154dd90b17b0ab5b560
parentde985aea1787518ed6011256a1d73f0c6135cc90 (diff)
downloadpfsense-2a44b0eb13036701d6265bbffc633fa0deb81bfa.zip
pfsense-2a44b0eb13036701d6265bbffc633fa0deb81bfa.tar.gz
Fix #4178:
- Stop moving the unity .so file around to keep it from being loaded
- Include every module's default .conf file from strongswan.d/charon
- After the default files are included, define custom settings
- When unity is disabled, add a rule so that strongswan does not load it
-rw-r--r--src/etc/inc/vpn.inc22
1 files changed, 9 insertions, 13 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 1052720..d3bcb47 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -434,19 +434,7 @@ function vpn_ipsec_configure($restart = false) {
$i_dont_care_about_security_and_use_aggressive_mode_psk = "i_dont_care_about_security_and_use_aggressive_mode_psk=yes";
}
- $unity_enabled = 'yes';
- if (isset($config['ipsec']['unityplugin'])) {
- $unity_enabled = 'no';
- if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.so")) {
- conf_mount_rw();
- mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.so /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED");
- conf_mount_ro();
- }
- } else if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED")) {
- conf_mount_rw();
- mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED /usr/local/lib/ipsec/plugins/libstrongswan-unity.so");
- conf_mount_ro();
- }
+ $unity_enabled = isset($config['ipsec']['unityplugin']) ? 'no' : 'yes';
$makebeforebreak = '';
if (isset($config['ipsec']['makebeforebreak'])) {
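Review bot: A system that disabled Unity under the old code can still have the plugin renamed to `libstrongswan-unity.MOVED`, and the new side has no path left that renames it back. If Unity is re-enabled there, `$unity_enabled` becomes 'yes' while the .so may still be missing, unless a package upgrade reinstalls it, which this diff does not show. A one-time restore of the renamed file belongs in the upgrade path rather than in this function. The new assignment also deserves a comment because the key reads inverted: `/* 'unityplugin' set means Unity is DISABLED; loading is controlled in strongswan.conf, the .so is no longer renamed */`. vpn_ipsec_configure() starts and ends outside this hunk.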
@@ -487,6 +475,7 @@ charon {
ikesa_table_segments = 4
init_limit_half_open = 1000
install_routes = no
+ load_modular = yes
{$i_dont_care_about_security_and_use_aggressive_mode_psk}
{$accept_unencrypted}
cisco_unity = {$unity_enabled}
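Review bot: With `load_modular = yes`, charon takes its plugin list from the per-plugin `load` settings, so the daemon now depends on the `strongswan.d/charon/*.conf` include added in the plugins hunk actually matching files. Nothing visible in this diff creates or populates `{$g['varetc_path']}/ipsec/strongswan.d/charon/`. If that directory is empty or missing when the file is written, charon would presumably come up with no crypto or IKE plugins loaded, and the tunnels would fail without an obvious cause. Confirm the directory is populated before strongswan.conf is generated, and log an error when the glob matches nothing. The heredoc continues outside this hunk.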
@@ -507,10 +496,17 @@ charon {
}
plugins {
+ # Load defaults
+ include {$g['varetc_path']}/ipsec/strongswan.d/charon/*.conf
+
stroke {
secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets
}
+ unity {
+ load = {$unity_enabled}
+ }
+
EOD;
/* Find RADIUS servers designated for Mobile IPsec user auth */
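Review bot: The wildcard `include {$g['varetc_path']}/ipsec/strongswan.d/charon/*.conf` pulls every matching file from a runtime directory into charon's plugin configuration, so a stale or unexpected .conf left there changes which plugins load and how they are configured. The generated `stroke` and `unity` sections that follow override only the keys they name. Check that the directory is root-owned, not writable by other accounts, and cleared and repopulated each time vpn_ipsec_configure() runs. A comment above the custom sections, such as `# Included defaults come first; the sections below override them`, would record why the order matters. The `plugins` block is closed outside this hunk.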