author | Ermal <eri@pfsense.org> | 2014-02-12 15:48:40 +0100 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-02-25 11:10:01 +0100 |
commit | 7335fa538070b28498b34ca278e8a314a96a182a (patch) | |
tree | 2bce64068da47bc259dd8dd6bbb1795057104280 | |
parent | 042436e8f2e1ffee2411894fbb61ad961d13bf4f (diff) | |
* Correct logging to syslog and proper file for ipsec from strongswan
* Use proper commands to reload strongswan rather than just the daemon
-rw-r--r-- | etc/inc/system.inc | 4 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 22 |
2 files changed, 21 insertions, 5 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index f92f499..421abad 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -640,7 +640,7 @@ function system_syslogd_start() {
 }
 if (isset($syslogcfg)) {
- $separatelogfacilities = array('ntp','ntpd','ntpdate','racoon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','filterdns','unbound','dhcpd','dhcrelay','dhclient','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd','miniupnpd');
+ $separatelogfacilities = array('ntp','ntpd','ntpdate','charon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','filterdns','unbound','dhcpd','dhcrelay','dhclient','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd','miniupnpd');
 $syslogconf = "";
 if($config['installedpackages']['package']) {
 foreach($config['installedpackages']['package'] as $package) {
@@ -676,7 +676,7 @@ function system_syslogd_start() {
 if (!isset($syslogcfg['disablelocallogging']))
 $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/l2tps.log\n";
- $syslogconf .= "!racoon\n";
+ $syslogconf .= "!charon\n";
 if (!isset($syslogcfg['disablelocallogging']))
 $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ipsec.log\n";
 if (isset($syslogcfg['vpn']))
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 966abb1..8b5354c 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -255,6 +255,20 @@ charon {
 # number of worker threads in charon
 threads = 16
+ # And two loggers using syslog. The subsections define the facility to log
+ # to, currently one of: daemon, auth.
+ syslog {
+
+ identifier = charon
+ # default level to the LOG_DAEMON facility
+ daemon {
+ }
+ # very minimalistic IKE auditing logs to LOG_AUTHPRIV
+ auth {
+ default = -1
+ ike = 1
+ }
+ }
 EOD;
 if (is_array($a_client) && isset($a_client['enable']) && !empty($a_client['net_list']))
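Review bot: Replacing 'racoon' with 'charon' in `$separatelogfacilities` (system.inc hunk at -640) and in the `!charon` selector (hunk at -676) only captures messages tagged with the charon program name. strongSwan's starter process logs under its own ident (ipsec_starter in the stock build, worth confirming for this package), so start-up and reload failures would probably fall through to the general system log instead of ipsec.log. If that is not intended, add `'ipsec_starter'` to the array and write the selector as `$syslogconf .= "!charon,ipsec_starter\n";`. system_syslogd_start() begins and ends outside both hunks, so how the array is consumed is not visible here.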
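Review bot: In the vpn.inc hunk at -255, the added `auth { default = -1 ike = 1 }` subsection looks like it will duplicate IKE lines rather than produce a separate audit trail. The empty `daemon { }` block leaves that logger at its default level, which (assuming the stock default of 1) already includes the same IKE messages, and the `!charon` block in system.inc selects `*.*`, so the LOG_DAEMON and LOG_AUTHPRIV copies both land in ipsec.log and presumably in any remote target enabled for VPN logs. Either drop the `auth` subsection or route authpriv to its own file. A comment above `identifier = charon` would also help, for example `# must match the "!charon" selector written by system_syslogd_start()`, since a change to one silently breaks the other.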
@@ -811,9 +825,11 @@ EOD;
 /* generate IPsec policies */
 $natfilterrules = false;
 /* mange process */
- if (is_process_running("charon")) {
- sleep("0.1");
- mwexec("/usr/local/sbin/ipsec reloadall", false);
+ if (isvalidpid("{$g['varrun_path']/charon.pid")) {
+ /* Read secrets */
+ mwexec("/usr/local/sbin/ipsec rereadall", false);
+ /* Update configuration changes */
+ mwexec("/usr/local/sbin/ipsec update", false);
 } else {
 /* start racoon */
 $ipsecdebug = isset($config['ipsec']['racoondebug']) ? "-d -v" : ""; |
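Review bot: The new condition `isvalidpid("{$g['varrun_path']/charon.pid")` is missing the closing brace of the `{$...}` interpolation, so PHP cannot parse the string and vpn.inc will fail to load, taking the IPsec configuration code on the firewall with it. It should read `if (isvalidpid("{$g['varrun_path']}/charon.pid")) {`. Separately, both `mwexec()` calls discard their result, so a failed `ipsec rereadall` is followed by `ipsec update` with nothing logged; if mwexec() returns the exit status, checking it and logging a failure would make a half-applied reload visible. The enclosing function starts and ends outside this hunk.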