Add an option to force IPsec to reload on failover, which is needed in some cases for IPsec to fail from one interface to another. Ticket #2896

author: jim-p <jimp@pfsense.org> 2013-06-18 14:00:41 -0400
committer: jim-p <jimp@pfsense.org> 2013-06-18 14:03:16 -0400
commit: 8744a1130e3a6ddd1c252b35479495c0bdb71271 (patch)
tree: 2b4028a1d6e0eb697916de66d19c9198a5b227be /etc/rc.newipsecdns
parent: a27403c4e662eb0ce0b580af09dbf60066005051 (diff)
download: pfsense-8744a1130e3a6ddd1c252b35479495c0bdb71271.zip
pfsense-8744a1130e3a6ddd1c252b35479495c0bdb71271.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns
index 554fc80..de3d7ac 100755
--- a/etc/rc.newipsecdns
+++ b/etc/rc.newipsecdns
@@ -44,9 +44,10 @@ require_once("vpn.inc");
 if (file_exists("{$g['varrun_path']}/booting"))
 	return;
 
-if (isset($config['ipsec']['enable']))
+if (isset($config['ipsec']['enable'])) {
+	sleep(15);
 	log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.");
-else
+} else
 	return;
 
 $ipseclck = lock('ipsecdns', LOCK_EX);
@@ -60,5 +61,8 @@ vpn_ipsec_refresh_policies();
 
 vpn_ipsec_configure();
 
+if (isset($config['ipsec']['failoverforcereload']))
+	vpn_ipsec_force_reload();
+
 unlock($ipseclck);
 ?>
author	jim-p <jimp@pfsense.org>	2013-06-18 14:00:41 -0400
committer	jim-p <jimp@pfsense.org>	2013-06-18 14:03:16 -0400
commit	8744a1130e3a6ddd1c252b35479495c0bdb71271 (patch)
tree	2b4028a1d6e0eb697916de66d19c9198a5b227be /etc/rc.newipsecdns
parent	a27403c4e662eb0ce0b580af09dbf60066005051 (diff)
download	pfsense-8744a1130e3a6ddd1c252b35479495c0bdb71271.zip pfsense-8744a1130e3a6ddd1c252b35479495c0bdb71271.tar.gz