diff options
author | jim-p <jimp@pfsense.org> | 2012-10-22 13:48:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-22 13:48:22 -0400 |
commit | ac91bae5af34b6361b70dd2c28df81c67c24a0bb (patch) | |
tree | b30a42ca8a033b3850e4af4b0c5faeed3802bd54 /etc/inc/vpn.inc | |
parent | 95799b92a767f9c353f7dfb2a44299a8f7699f81 (diff) | |
download | pfsense-ac91bae5af34b6361b70dd2c28df81c67c24a0bb.zip pfsense-ac91bae5af34b6361b70dd2c28df81c67c24a0bb.tar.gz |
Use a proposal check value of obey for all mobile, not just pure-PSK. (The docs recommend setting this, may as well make it the default)
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 6e19738..b83edc8 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -536,9 +536,9 @@ function vpn_ipsec_configure($ipchg = false) if (isset($ph1ent['mobile'])) { $rgip = "anonymous"; $passive = "passive on;"; + $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey"; /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */ if ($ph1ent['authentication_method'] == "pre_shared_key") { - $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey"; $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on"; } else { $init = "off"; |