author | Seth Mos <seth.mos@xs4all.nl> | 2007-07-04 12:11:30 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2007-07-04 12:11:30 +0000 |
commit | b9d8cc51efbf8d1b2403d0087c967262b7a31a70 (patch) | |
tree | 2098ce93b9dcf0c372d5764b45f22dc2cc58b8da /etc/inc/vpn.inc | |
parent | be41c19386e0c5afdaf1e18bbfb42256829c2806 (diff) | |
download | pfsense-b9d8cc51efbf8d1b2403d0087c967262b7a31a70.zip pfsense-b9d8cc51efbf8d1b2403d0087c967262b7a31a70.tar.gz |
Fix loading and reloading config for IPSEC.
MFC: Possible candidate, works for seth. Needs test.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index cbeff52..5a4b1f8 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -247,12 +247,6 @@ function vpn_ipsec_configure($ipchg = false) { fwrite($fd, $spdconf); fclose($fd); - - /* flushie, flushie spds */ - mwexec("/sbin/setkey -FP"); - - /* load SPD */ - mwexec("/sbin/setkey -c < {$g['varetc_path']}/spd.conf"); } /* generate racoon.conf */ @@ -573,12 +567,24 @@ EOD; if(is_process_running("racoon")) { /* We are already online, reload */ mwexec("/usr/bin/killall -HUP racoon"); + // sleep(2); + /* flushie, flushie spds */ + mwexec("/usr/local/sbin/setkey -FP"); + mwexec("/usr/local/sbin/setkey -F"); + /* load SPD */ + mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /usr/local/sbin/setkey -c"); + sleep(1); } else { - /* sleep for a bit */ - sleep (2); - /* start racoon */ mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf"); + /* sleep for a bit */ + // sleep (2); + /* flushie, flushie spds */ + mwexec("/usr/local/sbin/setkey -FP"); + mwexec("/usr/local/sbin/setkey -F"); + /* load SPD */ + mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /usr/local/sbin/setkey -c"); + sleep(1); } } } @@ -1115,17 +1121,13 @@ function vpn_ipsec_force_reload() { mwexec("/usr/bin/killall racoon"); /* wait for process to die */ - sleep(2); + sleep(4); /* send a SIGKILL to be sure */ sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); - /* flush SPD and SAD */ - mwexec("/sbin/setkey -FP"); - mwexec("/sbin/setkey -F"); - /* wait for flushing to finish */ - sleep(5); + sleep(1); /* if ipsec is enabled, start up again */ if (isset($ipseccfg['enable'])) { @@ -1135,4 +1137,4 @@ function vpn_ipsec_force_reload() { } -?>
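Review bot: In both the reload and the start branch, the SPD and SAD are flushed with `setkey -FP` and `setkey -F` before the policies are reloaded, and no `mwexec()` result is checked. If the `/bin/cat … | /usr/local/bin/slowdownpipe.sh | /usr/local/sbin/setkey -c` pipeline fails (missing script, wrong `setkey` path, unreadable `spd.conf`), the kernel is left with no IPsec policies. Depending on routing and filter rules, traffic meant for the tunnels may then no longer be protected. The status of the load should be tested and reported, for example `if (mwexec($load_cmd) != 0) { /* log: SPD is empty, policies not loaded */ }`. The same seven lines appear in both branches and would be easier to keep consistent in one helper; the enclosing function starts and ends outside this hunk.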
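Review bot: With the `setkey -FP` / `setkey -F` calls removed here, vpn_ipsec_force_reload() no longer clears the SPD and SAD itself, so when `isset($ipseccfg['enable'])` is false the old policies and security associations appear to stay in the kernel after racoon is killed. As far as this diff shows, the flush now exists only in the racoon start/reload branches of vpn_ipsec_configure(), which is presumably what the `if` body calls (that body lies outside the hunk). Consider keeping an unconditional flush before the enable check, `mwexec("/usr/local/sbin/setkey -FP"); mwexec("/usr/local/sbin/setkey -F");`. If the `/* wait for flushing to finish */` comment remains on the new side, it should be reworded, since nothing is flushed before `sleep(1)` any more.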
\ No newline at end of file +?> |