author | Seth Mos <seth.mos@xs4all.nl> | 2008-01-14 21:34:17 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2008-01-14 21:34:17 +0000 |
commit | eea540381999f7af8c721e79ea56278461d2f91c (patch) | |
tree | e8d32049163c38ad0574a26dddf177c69fc3718a | |
parent | cb90b744c2841f6f2ab0dcec6bf516422db332cf (diff) | |
Make 3 passes at loading the SPD entries as this will fail on large configurations > 250 tunnels.
Tested by smos@ 399 tunnels, 239 active, ok by sullrich@
-rw-r--r-- | etc/inc/vpn.inc | 58 |
1 files changed, 31 insertions, 27 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 2a6ecf0..11c1b03 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -608,39 +608,43 @@ EOD; if(is_process_running("racoon")) { + /* flush SPD entries */ + mwexec("/sbin/setkey -FP"); + $i = 0; + while($i < 2) { + /* load SPD */ + mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); + $i++; + } /* We are already online, reload */ mwexec("/usr/bin/killall -HUP racoon"); - // sleep(2); - /* flushie, flushie spds */ + } else { + /* flush SA + SPD entries*/ mwexec("/sbin/setkey -FP"); mwexec("/sbin/setkey -F"); - /* load SPD */ - mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); - sleep(1); - } else { + $i = 0; + while($i < 2) { + /* load SPD */ + mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); + $i++; + } /* start racoon */ mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf"); - /* sleep for a bit */ - // sleep (2); - /* flushie, flushie spds */ - mwexec("/sbin/setkey -FP"); - mwexec("/sbin/setkey -F"); - /* load SPD */ - mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); - sleep(1); - /* start dnswatch, if necessary */ - if (count($dnswatch_list) > 0) { - $interval = 60; - if ($ipseccfg['dns-interval']) - $interval = $ipseccfg['dns-interval']; - - $hostnames = ""; - foreach ($dnswatch_list as $dns) - $hostnames .= " " . escapeshellarg($dns); + + /* start dnswatch, if necessary */ + if (count($dnswatch_list) > 0) { + $interval = 60; + if ($ipseccfg['dns-interval']) + $interval = $ipseccfg['dns-interval']; - mwexec("/usr/local/bin/dnswatch {$g['varrun_path']}/dnswatch-ipsec.pid $interval " . - escapeshellarg("/etc/rc.newipsecdns") . $hostnames); - } + $hostnames = ""; + foreach ($dnswatch_list as $dns) { + $hostnames .= " " . escapeshellarg($dns); + + mwexec("/usr/local/bin/dnswatch {$g['varrun_path']}/dnswatch-ipsec.pid $interval " . + escapeshellarg("/etc/rc.newipsecdns") . 
$hostnames); + } + } } if (is_array($ipseccfg['tunnel'])) { @@ -1347,4 +1351,4 @@ function vpn_ipsec_force_reload() { } -?>
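Review bot: In the re-added dnswatch block, the new `foreach ($dnswatch_list as $dns) {` is not closed before `mwexec("/usr/local/bin/dnswatch ...")`, so going by the braces dnswatch is launched once per hostname with a growing host list, every instance pointed at the same `dnswatch-ipsec.pid`; close the loop directly after `$hostnames .= " " . escapeshellarg($dns);` and call `mwexec` once after it. That command also interpolates `$interval` from `$ipseccfg['dns-interval']` unquoted while the hostnames are escaped; unless the value is validated elsewhere, `$interval = (int)$ipseccfg['dns-interval'];` would keep it from reaching the shell as free text. Both `while($i < 2)` loops make two passes where the commit message says three, and the result of `mwexec` is not checked, so after `setkey -FP` a load that still fails leaves tunnels without policy entries and nothing reports it; checking the result and logging a failure would make that visible. The enclosing function begins and ends outside the hunk.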
\ No newline at end of file +?> |