authorChris Buechler <cmb@pfsense.org>2015-03-03 00:16:33 -0600
committerChris Buechler <cmb@pfsense.org>2015-03-03 00:16:33 -0600
commit58c58dcfa7b13aef5e3a0997bce61018fba6d3ec (patch)
treea02e7dda764bae1b0b5f4e1a1fec2a3eebdd536d /etc/inc/vpn.inc
parent8f5f40c9fca0bfb637589b4c86e53bfb80753c87 (diff)
Remove "Prefer old SA" option, and ignore it in all existing configurations. Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r--etc/inc/vpn.inc12
1 files changed, 1 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 283e455..3ec14de 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -105,8 +105,6 @@ function vpn_ipsec_configure($restart = false)
unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
touch("{$g['vardb_path']}/ipsecpinghosts");
- vpn_ipsec_configure_preferoldsa();
-
$syscfg = $config['system'];
$ipseccfg = $config['ipsec'];
if (!isset($ipseccfg['enable'])) {
@@ -1771,12 +1769,4 @@ EOD;
return 0;
}
-function vpn_ipsec_configure_preferoldsa() {
- global $config;
- if(isset($config['ipsec']['preferoldsa']))
- set_single_sysctl("net.key.preferred_oldsa", "-30");
- else
- set_single_sysctl("net.key.preferred_oldsa", "0");
-}
-
-?>
+?> \ No newline at end of file