diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-07-22 15:03:20 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-07-22 15:03:56 -0500 |
commit | df4de32d3403e58a45f0e66fccdf67f33e8cde91 (patch) | |
tree | 4332922479177d25258f051cc4a2c6225cf3f9ef /etc/inc | |
parent | 0be67fe5fe1dc9483ab815223c2275d85083c22a (diff) | |
download | pfsense-df4de32d3403e58a45f0e66fccdf67f33e8cde91.zip pfsense-df4de32d3403e58a45f0e66fccdf67f33e8cde91.tar.gz |
Add IPsec advanced option for strict CRL checking
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/vpn.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index fb477e4..688e9ca 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -713,6 +713,10 @@ EOD; $ipsecconf .= "# This file is automatically generated. Do not edit\n"; $ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n"; $ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n"; + + if (isset($config['ipsec']['strictcrlpolicy'])) { + $ipsecconf .= "\tstrictcrlpolicy = yes \n"; + } if (!isset($config['ipsec']['noshuntlaninterfaces'])) { if ($config['interfaces']['lan']) { |