author | jim-p <jimp@pfsense.org> | 2011-12-09 13:55:57 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-12-09 13:55:57 -0500 |
commit | 7dcf1cc77f4f7e061418b324a2632804634aa0fe (patch) | |
tree | c72f87ade5dfba196eac0d082e1fe51e3faf5b85 /etc/inc/vpn.inc | |
parent | 11f1c38c3c0b167deb2f1814312e1247becce5c6 (diff) | |
Ensure we always write out a blank spd.conf if there are no phase 2 entries. If you delete the last phase 2 and then apply, it will still be in spd.conf and used by racoon even with no phase 2's configured.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 1707a31..6279a79 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -819,16 +819,15 @@ EOD;
 /* end racoon.conf */
 /* generate IPsec policies */
- if (is_array($a_phase2) && count($a_phase2)) {
- /* generate spd.conf */
- $fd = fopen("{$g['varetc_path']}/spd.conf", "w");
- if (!$fd) {
- printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
- return 1;
- }
-
- $spdconf = "";
+ /* generate spd.conf */
+ $fd = fopen("{$g['varetc_path']}/spd.conf", "w");
+ if (!$fd) {
+ printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
+ return 1;
+ }
+ $spdconf = "";
+ if (is_array($a_phase2) && count($a_phase2)) {
 /* Try to prevent people from locking themselves out of webgui. Just in case. */
 if ($config['interfaces']['lan']) {
 $lanip = get_interface_ip("lan");
@@ -925,9 +924,9 @@ EOD;
 mwexec("/sbin/route delete -host {$rgip}", true);
 }
- fwrite($fd, $spdconf);
- fclose($fd);
 }
+ fwrite($fd, $spdconf);
+ fclose($fd);
 /* needed for racoonctl admin socket */
 if (!is_dir("/var/db/racoon")) |
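Review bot: `fopen("{$g['varetc_path']}/spd.conf", "w")` now truncates spd.conf at the top of the section, before any of `$spdconf` has been built, so the file sits empty while the phase 2 loop runs and stays empty if anything between the open and the final `fwrite()` returns early. That loop lies outside the hunk, so whether such a path exists cannot be seen from here. Because the whole content is assembled in one string, the open can move down next to the write, keeping truncate and write adjacent. It is also worth recording the intent where `$spdconf` is initialised, e.g. `/* spd.conf is always rewritten, even when empty, so policies from deleted phase 2 entries are not loaded again */`.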
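Review bot: The results of `fwrite($fd, $spdconf)` and `fclose($fd)` are discarded in the second hunk, so a short or failed write (full or read-only filesystem under `varetc_path`) leaves a truncated policy file while the function carries on as if the policies were in place. For an IPsec policy file that fails in the wrong direction, since a missing entry may mean traffic that should be tunnelled is not. Suggest `if (fwrite($fd, $spdconf) !== strlen($spdconf)) { fclose($fd); return 1; }`, mirroring the existing fopen error path. Separately, an empty spd.conf only clears stale policies if the step that loads it also flushes what is already installed; that step is not visible in this hunk and should be confirmed.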