diff options
author | jim-p <jimp@netgate.com> | 2018-08-31 09:54:39 -0400 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2018-08-31 09:54:39 -0400 |
commit | 74e4543842c47efda37e3b078b8e5cc3f54ce9ba (patch) | |
tree | e63caa98531baf3eee102267828ed5e105e53068 | |
parent | b5a4633f9ffeb365aba1d8b451f3638b37452b23 (diff) | |
download | pfsense-74e4543842c47efda37e3b078b8e5cc3f54ce9ba.zip pfsense-74e4543842c47efda37e3b078b8e5cc3f54ce9ba.tar.gz |
Move IPsec VTI interface cleanup list. Fixes #8858
Generate the cleanup list before the P1 loop but after the initial
interface configuration.
-rw-r--r-- | src/etc/inc/vpn.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index bd688e1..0f679a1 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -371,6 +371,12 @@ function vpn_ipsec_configure($restart = false) { unset($ipsecpinghosts); } unset($iflist); + /* Build a list of all IPsec interfaces configured on the firewall at the OS level */ + foreach (get_interface_arr() as $thisif) { + if (substr($thisif, 0, 5) == "ipsec") { + $ipsec_vti_cleanup_ifs[] = $thisif; + } + } $accept_unencrypted = ""; if (isset($config['ipsec']['acceptunencryptedmainmode'])) { @@ -1412,12 +1418,6 @@ EOD; $ipsecconnect .= "\taggressive = {$aggressive}\n"; } - /* Build a list of all IPsec interfaces configured on the firewall at the OS level */ - foreach (get_interface_arr() as $thisif) { - if (substr($thisif, 0, 5) == "ipsec") { - $ipsec_vti_cleanup_ifs[] = $thisif; - } - } if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) { if (!empty($rightsubnet_spec)) { $ipsecfin = ''; |