diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2004-11-19 23:05:52 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2004-11-19 23:05:52 +0000 |
| commit | 1b2808f1f8cd7d45befa4209c677ebe56d294432 (patch) | |
| tree | c37ee8634c865fc6416dc641409b25b5c529edda /etc/inc/vpn.inc | |
| parent | a615fd33ac6b0380288154e4c22430a03df6b436 (diff) | |
| download | pfsense-1b2808f1f8cd7d45befa4209c677ebe56d294432.zip pfsense-1b2808f1f8cd7d45befa4209c677ebe56d294432.tar.gz | |
bug fix: Honour newer sa setting
Diffstat (limited to 'etc/inc/vpn.inc')
| -rw-r--r-- | etc/inc/vpn.inc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index bf26aae..213aeeb 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -51,8 +51,9 @@ function vpn_ipsec_configure($ipchg = false) { global $config, $g; if(isset($config['ipsec']['preferredoldsa'])) { - // Set sysctl -w net.key.preferred_oldsa=0 - mwexec("sysctl -w net.key.preferred_oldsa=0"); + mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); + } else { + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); } $number_of_gifs = find_last_gif_device(); @@ -89,9 +90,6 @@ function vpn_ipsec_configure($ipchg = false) { mwexec("/usr/sbin/setkey -FP"); mwexec("/usr/sbin/setkey -F"); - /* prefer old SAs only for 30 seconds, then use the new one */ - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); - if (isset($ipseccfg['enable'])) { if (!$curwanip) { |
