author | Seth Mos <seth.mos@xs4all.nl> | 2007-05-10 08:01:52 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2007-05-10 08:01:52 +0000 |
commit | 2f1e03119a424852c5d99d8b4ae6afe7956d8d28 (patch) | |
tree | 128d858ba5ce2e6562cccec357125fb9d2c5cbc6 /etc/inc/vpn.inc | |
parent | 8d93d52a8a59cf163cff27585add3b8e4e71e53f (diff) | |
Rework stop and start logic. If we are already alive, reload instead of stop and start.
Tested by Seth.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 6104319..07711c6 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -137,12 +137,10 @@ function vpn_ipsec_configure($ipchg = false) {
 $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
 $lansn = $lancfg['subnet'];
- if ($g['booting']) {
- if (!isset($ipseccfg['enable']))
- return 0;
+ if (!isset($ipseccfg['enable'])) {
+ mwexec("/sbin/ifconfig enc0 down");
+ mwexec("/sbin/ifconfig enc0 destroy");
- echo "Configuring IPsec VPN... ";
- } else {
 /* kill racoon */
 mwexec("/usr/bin/killall racoon");
@@ -151,11 +149,17 @@ function vpn_ipsec_configure($ipchg = false) {
 /* send a SIGKILL to be sure */
 sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");
+
+ /* flush SPD and SAD */
+ mwexec("/sbin/setkey -FP");
+ mwexec("/sbin/setkey -F");
+
+ return true;
 }
- /* flush SPD and SAD */
- mwexec("/sbin/setkey -FP");
- mwexec("/sbin/setkey -F");
+ if ($g['booting']) {
+ echo "Configuring IPsec VPN... ";
+ }
 if (isset($ipseccfg['enable'])) {
@@ -554,8 +558,20 @@ EOD;
 fclose($fd);
 chmod("{$g['varetc_path']}/psk.txt", 0600);
- /* start racoon */
- mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf");
+ if(is_process_running("racoon")) {
+ /* We are already online, reload */
+ mwexec("/usr/local/sbin/racoonctl reload-config");
+ } else {
+ /* flush SPD and SAD */
+ mwexec("/sbin/setkey -FP");
+ mwexec("/sbin/setkey -F");
+
+ /* sleep for a bit */
+ sleep (2);
+
+ /* start racoon */
+ mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf");
+ }
 }
 }
@@ -1076,4 +1092,4 @@ EOD;
 return 0;
 }
-?>
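Review bot: The new `if (!isset($ipseccfg['enable']))` branch has no comment saying that it is now the complete teardown path, run on every call while IPsec is disabled rather than only outside boot. A header such as `/* IPsec disabled: remove enc0, stop racoon, clear SPD/SAD, then return */` above the two `ifconfig` calls would make that explicit. The branch continues past the end of this hunk, and the lines between the `killall` and the SIGKILL are not visible here.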
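Review bot: `return true;` at the end of the disabled branch changes the result for a case that previously returned `0` (the removed `return 0;` in the first hunk). In PHP `true` compares loosely equal to any nonzero value, so a caller that treats a nonzero result as failure would now read "IPsec disabled" as an error; the callers are not visible in this diff, so that needs checking. Keeping `return 0;` here would preserve the earlier contract.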
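Review bot: In the `is_process_running("racoon")` branch the result of `racoonctl reload-config` is discarded and the SPD/SAD flush no longer runs, so a failed reload silently leaves racoon serving the old peers and pre-shared keys. Even a successful reload leaves established SAs and policies in the kernel for tunnels that were removed or re-keyed in the config, unless the SPD load elsewhere in the function clears them (not visible here). Assuming `mwexec` returns the command's exit status, the reload should be checked and the code should fall back to the stop, flush and start path when it fails. If stale SAs matter after a PSK change, the reload path should also clear them deliberately rather than wait for lifetime expiry.

```php
// … unchanged: psk.txt written and chmod'ed …
$reloaded = false;
if (is_process_running("racoon")) {
	/* already online: reload, and remember whether racoon accepted it */
	$reloaded = (mwexec("/usr/local/sbin/racoonctl reload-config") == 0);
}
if (!$reloaded) {
	/* reload failed or racoon not running: stop any leftover daemon first */
	mwexec("/usr/bin/killall racoon");
	// … unchanged: setkey -FP / setkey -F, sleep, start racoon …
}
```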
\ No newline at end of file
+?> |