diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-04-16 12:34:46 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-04-16 12:34:46 -0500 |
commit | ff3c14a510141860973bc2923e3479ae0567d2e4 (patch) | |
tree | dc447acf1acfd9e71a383aede82af8f1dd9d4c23 /etc/inc/vpn.inc | |
parent | cc1f655f8e88ccda837e21d0646bbc71781198b9 (diff) | |
download | pfsense-ff3c14a510141860973bc2923e3479ae0567d2e4.zip pfsense-ff3c14a510141860973bc2923e3479ae0567d2e4.tar.gz |
Always do a filter reload in vpn_ipsec_configure to ensure the ruleset is
updated where necessary in every IPsec change scenario.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ccfbd12..5ae011b 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -104,6 +104,9 @@ function vpn_ipsec_configure($restart = false) /* get the automatic ping_hosts.sh ready */ unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); + + /* service may have been enabled, disabled, or otherwise changed in a way requiring rule updates */ + filter_configure(); $syscfg = $config['system']; $ipseccfg = $config['ipsec']; @@ -120,8 +123,6 @@ function vpn_ipsec_configure($restart = false) mwexec("/sbin/ifconfig enc0 down"); set_single_sysctl("net.inet.ip.ipsec_in_use", "0"); - filter_configure(); - return 0; } |