diff options
| author | Ermal <eri@pfsense.org> | 2014-08-01 20:52:46 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-08-01 20:52:46 +0000 |
| commit | f088b8cd6a0f7a9611da41477a565e9c4b502080 (patch) | |
| tree | 5de7059eb40dfc9774e45febd243bcb87d3f5c67 | |
| parent | 9b91568608add6749256d4c85b624985e53652e4 (diff) | |
| download | pfsense-f088b8cd6a0f7a9611da41477a565e9c4b502080.zip pfsense-f088b8cd6a0f7a9611da41477a565e9c4b502080.tar.gz | |
Do not try to rekey for IKEv1.
| -rw-r--r-- | etc/inc/vpn.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 931373d..08eb743 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -539,8 +539,12 @@ EOD; $rgip = $ph1ent['remote-gateway']; $keyexchange = "ikev1"; - if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") + if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") { $keyexchange = "ikev2"; + $rekey = "rekey = yes"; + } else { + $rekey = "rekey = no"; + } list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); @@ -733,6 +737,7 @@ conn con{$ph1ent['ikeid']}-{$ph2ent['uniqid']} keyexchange = {$keyexchange} keyingtries = %forever reauth = yes + {$rekey} reqid = {$ikeid} installpolicy = yes {$ikelifeline} |
