Add an option to force IPsec to reload on failover, which is needed in some cases for IPsec to fail from one interface to another. Ticket #2896

author: jim-p <jimp@pfsense.org> 2013-06-18 14:00:41 -0400
committer: jim-p <jimp@pfsense.org> 2013-06-18 14:00:41 -0400
commit: 7ddfa92266c9ad4bbeb343bb066575d6826c33c8 (patch)
tree: 6c4c825c3a0d0a09d6cc62d8f777796ea2cf472c /etc/rc.newipsecdns
parent: 6743ab2887786beaf827dd96bfbacb8676ad4d5a (diff)
download: pfsense-7ddfa92266c9ad4bbeb343bb066575d6826c33c8.zip
pfsense-7ddfa92266c9ad4bbeb343bb066575d6826c33c8.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns
index 554fc80..de3d7ac 100755
--- a/etc/rc.newipsecdns
+++ b/etc/rc.newipsecdns
@@ -44,9 +44,10 @@ require_once("vpn.inc");
 if (file_exists("{$g['varrun_path']}/booting"))
 	return;
 
-if (isset($config['ipsec']['enable']))
+if (isset($config['ipsec']['enable'])) {
+	sleep(15);
 	log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.");
-else
+} else
 	return;
 
 $ipseclck = lock('ipsecdns', LOCK_EX);
@@ -60,5 +61,8 @@ vpn_ipsec_refresh_policies();
 
 vpn_ipsec_configure();
 
+if (isset($config['ipsec']['failoverforcereload']))
+	vpn_ipsec_force_reload();
+
 unlock($ipseclck);
 ?>
author	jim-p <jimp@pfsense.org>	2013-06-18 14:00:41 -0400
committer	jim-p <jimp@pfsense.org>	2013-06-18 14:00:41 -0400
commit	7ddfa92266c9ad4bbeb343bb066575d6826c33c8 (patch)
tree	6c4c825c3a0d0a09d6cc62d8f777796ea2cf472c /etc/rc.newipsecdns
parent	6743ab2887786beaf827dd96bfbacb8676ad4d5a (diff)
download	pfsense-7ddfa92266c9ad4bbeb343bb066575d6826c33c8.zip pfsense-7ddfa92266c9ad4bbeb343bb066575d6826c33c8.tar.gz