Turn off IPSEC net.inet.ip.ipsec_in_use when IPSEC is disabled

author: Scott Ullrich <sullrich@pfsense.org> 2009-10-28 15:46:33 -0400
committer: Scott Ullrich <sullrich@pfsense.org> 2009-10-28 15:46:33 -0400
commit: 84fa0d60e1f96e0d2b9b8f40b02e51815d4a643d (patch)
tree: e8c49a8a0bd0f9603ae300bed52fbe7439558910 /etc/inc/vpn.inc
parent: ad6722c52e908f473ce9034953d4718e5c94cb22 (diff)
download: pfsense-84fa0d60e1f96e0d2b9b8f40b02e51815d4a643d.zip
pfsense-84fa0d60e1f96e0d2b9b8f40b02e51815d4a643d.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 95046ca..6073e6f 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -144,6 +144,9 @@ function vpn_ipsec_configure($ipchg = false)
 		/* flush SPD and SAD */
 		mwexec("/usr/local/sbin/setkey -FP");
 		mwexec("/usr/local/sbin/setkey -F");
+		
+		/* disallow IPSEC, it is off */
+		exec("/sbin/sysctl net.inet.ip.ipsec_in_use=0");
 
 		return true;
 	} else {
@@ -858,7 +861,7 @@ EOD;
  			sleep("0.1");
 			mwexec("/usr/local/sbin/setkey -F", false);
  			sleep("0.1");
-			exec("sysctl net.inet.ip.ipsec_in_use=1");
+			exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1");
  			/* start racoon */
 			mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf", false);
  			sleep("0.1");
@@ -1684,4 +1687,4 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
 	return true;
 }
 
-?>
+?>
+\ No newline at end of file
author	Scott Ullrich <sullrich@pfsense.org>	2009-10-28 15:46:33 -0400
committer	Scott Ullrich <sullrich@pfsense.org>	2009-10-28 15:46:33 -0400
commit	84fa0d60e1f96e0d2b9b8f40b02e51815d4a643d (patch)
tree	e8c49a8a0bd0f9603ae300bed52fbe7439558910 /etc/inc/vpn.inc
parent	ad6722c52e908f473ce9034953d4718e5c94cb22 (diff)
download	pfsense-84fa0d60e1f96e0d2b9b8f40b02e51815d4a643d.zip pfsense-84fa0d60e1f96e0d2b9b8f40b02e51815d4a643d.tar.gz