Merge remote-tracking branch 'mainline/master' into inc

Conflicts: etc/inc/voucher.inc usr/local/www/fbegin.inc
author: Vinicius Coque <vinicius.coque@bluepex.com> 2011-06-07 10:47:29 -0300
committer: Vinicius Coque <vinicius.coque@bluepex.com> 2011-06-07 10:47:29 -0300
commit: d8012adbce60d9a90dac54e5b7832f8fa7e82fb6 (patch)
tree: 1922288b0151aacb26a3091e9507f858473e3a22 /etc/inc/vpn.inc
parent: 669113f9d12a43391cd480390dfbfbecf55d544e (diff)
parent: 3f8a13e051d17b6240f30f9a0c284baa3a0559ac (diff)
download: pfsense-d8012adbce60d9a90dac54e5b7832f8fa7e82fb6.zip
pfsense-d8012adbce60d9a90dac54e5b7832f8fa7e82fb6.tar.gz
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 455c07d..bd985b2 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false)
 						$natt = $ph1ent['nat_traversal'];
 
 					$init = "on";
-					$genp = "off";
+					$genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off";
 					$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
 					$passive = "";
 					if (isset($ph1ent['mobile'])) {
@@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false)
 						/* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
 						if ($ph1ent['authentication_method'] == "pre_shared_key") {
 							$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
-							$genp = "on";
+							$genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on";
 						} else {
 							$init = "off";
-							$genp = "unique";
+							$genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique";
 						}
 					}
 
@@ -864,8 +864,7 @@ EOD;
 								/* FIXME: does adding route-to and reply-to on the in/outbound
 								 * rules fix this? smos@ 13-01-2009 */
 								// log_error("IPSEC interface is not WAN but {$parentinterface}, adding static route for VPN endpoint {$rgip} via {$gatewayip}");
-								mwexec("/sbin/route delete -host {$rgip}");
-								mwexec("/sbin/route add -host {$rgip} {$gatewayip}");
+								mwexec("/sbin/route delete -host {$rgip}; /sbin/route add -host {$rgip} {$gatewayip}", true);
 							}
 						}
 					}
@@ -913,7 +912,7 @@ EOD;
 			$hostnames = "";
 			array_unique($filterdns_list);
 			foreach ($filterdns_list as $hostname)
-				$hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n";
+				$hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n";
 			file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames);
 
 			killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
author	Vinicius Coque <vinicius.coque@bluepex.com>	2011-06-07 10:47:29 -0300
committer	Vinicius Coque <vinicius.coque@bluepex.com>	2011-06-07 10:47:29 -0300
commit	d8012adbce60d9a90dac54e5b7832f8fa7e82fb6 (patch)
tree	1922288b0151aacb26a3091e9507f858473e3a22 /etc/inc/vpn.inc
parent	669113f9d12a43391cd480390dfbfbecf55d544e (diff)
parent	3f8a13e051d17b6240f30f9a0c284baa3a0559ac (diff)
download	pfsense-d8012adbce60d9a90dac54e5b7832f8fa7e82fb6.zip pfsense-d8012adbce60d9a90dac54e5b7832f8fa7e82fb6.tar.gz