diff options
author | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-06-07 10:47:29 -0300 |
---|---|---|
committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-06-07 10:47:29 -0300 |
commit | d8012adbce60d9a90dac54e5b7832f8fa7e82fb6 (patch) | |
tree | 1922288b0151aacb26a3091e9507f858473e3a22 /etc/inc/vpn.inc | |
parent | 669113f9d12a43391cd480390dfbfbecf55d544e (diff) | |
parent | 3f8a13e051d17b6240f30f9a0c284baa3a0559ac (diff) | |
download | pfsense-d8012adbce60d9a90dac54e5b7832f8fa7e82fb6.zip pfsense-d8012adbce60d9a90dac54e5b7832f8fa7e82fb6.tar.gz |
Merge remote-tracking branch 'mainline/master' into inc
Conflicts:
etc/inc/voucher.inc
usr/local/www/fbegin.inc
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 455c07d..bd985b2 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false) $natt = $ph1ent['nat_traversal']; $init = "on"; - $genp = "off"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off"; $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim"; $passive = ""; if (isset($ph1ent['mobile'])) { @@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false) /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */ if ($ph1ent['authentication_method'] == "pre_shared_key") { $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey"; - $genp = "on"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on"; } else { $init = "off"; - $genp = "unique"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique"; } } @@ -864,8 +864,7 @@ EOD; /* FIXME: does adding route-to and reply-to on the in/outbound * rules fix this? smos@ 13-01-2009 */ // log_error("IPSEC interface is not WAN but {$parentinterface}, adding static route for VPN endpoint {$rgip} via {$gatewayip}"); - mwexec("/sbin/route delete -host {$rgip}"); - mwexec("/sbin/route add -host {$rgip} {$gatewayip}"); + mwexec("/sbin/route delete -host {$rgip}; /sbin/route add -host {$rgip} {$gatewayip}", true); } } } @@ -913,7 +912,7 @@ EOD; $hostnames = ""; array_unique($filterdns_list); foreach ($filterdns_list as $hostname) - $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n"; + $hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n"; file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames); killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); |