diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2013-04-03 17:44:58 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2013-04-04 09:06:07 -0300 |
| commit | aa752473de6736186ee0ab6355046b6383521091 (patch) | |
| tree | 97011dde375a7b21b0652d08554a578a796be3f1 /etc/inc/vpn.inc | |
| parent | 6c6ca768a0165db69c3a12fcb398c7b0be8925cb (diff) | |
| download | pfsense-aa752473de6736186ee0ab6355046b6383521091.zip pfsense-aa752473de6736186ee0ab6355046b6383521091.tar.gz | |
Only reload racoon when there is at least one tunnel enabled on the interface used to call rc.newwanip(v6). It fixes #2922
Diffstat (limited to 'etc/inc/vpn.inc')
| -rw-r--r-- | etc/inc/vpn.inc | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 787abd4..d43c069 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -998,12 +998,25 @@ EOD; * For all other occasions the normal vpn_ipsec_configure() * will gracefully reload the settings without restarting */ -function vpn_ipsec_force_reload() { - global $config; - global $g; +function vpn_ipsec_force_reload($interface = "") { + global $g, $config; $ipseccfg = $config['ipsec']; + if (!empty($interface) && is_array($ipseccfg['phase1'])) { + $found = false; + foreach ($ipseccfg['phase1'] as $ipsec) { + if (!isset($ipsec['disabled']) && ($ipsec['interface'] == $interface)) { + $found = true; + break; + } + } + if (!$found) { + log_error(sprintf(gettext("Ignoring IPsec racoon daemon reload since there are no tunnels on interface %s"), $interface)); + return; + } + } + /* send a SIGKILL to be sure */ killbypid("{$g['varrun_path']}/racoon.pid"); |
