diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-04-18 10:34:46 +0200 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-04-18 10:35:51 +0200 |
commit | 1d839e6da61e7ce8eca949111ab41e59744d5e1e (patch) | |
tree | ba164760538f3f9b27b607bcf46debb5f3b2d098 /etc/inc/vpn.inc | |
parent | e6130125dc49d005ac2c503be8a374cae375e16c (diff) | |
download | pfsense-1d839e6da61e7ce8eca949111ab41e59744d5e1e.zip pfsense-1d839e6da61e7ce8eca949111ab41e59744d5e1e.tar.gz |
Implement make bofre break feature avaliable on strongswan 5.3.0 useful for IKEv2. Fixes #4626
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 103bd70..4dbf94b 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -322,7 +322,12 @@ function vpn_ipsec_configure($restart = false) mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED /usr/local/lib/ipsec/plugins/libstrongswan-unity.so"); conf_mount_ro(); } - + + $makebeforebreak = ''; + if (isset($config['ipsec']['makebeforebreak'])) { + $makebeforebreak = 'make_before_break = yes'; + } + if (isset($config['ipsec']['enableinterfacesuse'])) { if (!empty($ifacesuse)) { $ifacesuse = 'interfaces_use = ' . implode(',', array_unique($ifacesuse)); @@ -353,6 +358,7 @@ install_routes = no {$accept_unencrypted} cisco_unity = {$unity_enabled} {$ifacesuse} +{$makebeforebreak} # And two loggers using syslog. The subsections define the facility to log # to, currently one of: daemon, auth. |