author | Chris Buechler <cmb@pfsense.org> | 2015-03-03 00:16:33 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-03-03 00:16:33 -0600 |
commit | 58c58dcfa7b13aef5e3a0997bce61018fba6d3ec (patch) | |
tree | a02e7dda764bae1b0b5f4e1a1fec2a3eebdd536d /etc/inc/vpn.inc | |
parent | 8f5f40c9fca0bfb637589b4c86e53bfb80753c87 (diff) | |
Remove "Prefer old SA" option, and ignore it in all existing configurations. Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 283e455..3ec14de 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -105,8 +105,6 @@ function vpn_ipsec_configure($restart = false)
 unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
 touch("{$g['vardb_path']}/ipsecpinghosts");
- vpn_ipsec_configure_preferoldsa();
-
 $syscfg = $config['system'];
 $ipseccfg = $config['ipsec'];
 if (!isset($ipseccfg['enable'])) {
@@ -1771,12 +1769,4 @@ EOD;
 return 0;
 }
-function vpn_ipsec_configure_preferoldsa() {
- global $config;
- if(isset($config['ipsec']['preferoldsa']))
- set_single_sysctl("net.key.preferred_oldsa", "-30");
- else
- set_single_sysctl("net.key.preferred_oldsa", "0");
-}
-
-?>
+?>
\ No newline at end of file |
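Review bot: With `vpn_ipsec_configure_preferoldsa()` and its call in `vpn_ipsec_configure()` both removed, nothing in this file writes `net.key.preferred_oldsa` any more, including the old else branch that forced it to `"0"` on every IPsec configure. Two things follow that the diff does not settle: a running system that had the option enabled keeps `-30` in the kernel until reboot or a manual change, and the effective value on a fresh boot becomes whatever the kernel default or system tunables supply, which should be confirmed to match the previous `"0"`. A comment at the old call site would help, for example `/* net.key.preferred_oldsa is no longer managed here; set it via system tunables if needed */`. The `preferoldsa` key presumably still exists in saved configurations and is now silently ignored, so a config upgrade step that drops it would keep the stored config consistent with actual behaviour. `vpn_ipsec_configure()` continues outside the first hunk.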