author | Seth Mos <seth.mos@xs4all.nl> | 2007-05-20 16:52:34 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2007-05-20 16:52:34 +0000 |
commit | 0fabced3c4d3c5fa8cb1fa28413f469f73f97875 (patch) | |
tree | 005e458f1f57fdf03dc24aa3b8beca49deca83aa /etc | |
parent | 566c0e4d31124967a03f7fc2262663964755a442 (diff) | |
Commit forgotten vpn_ipsec_force_reload()
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 16b4bb8..0e2c71c 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1018,4 +1018,43 @@ EOD;
 return 0;
 }
+/* Forcefully restart IPSEC
+ * This is required for when dynamic interfaces reload
+ * For all other occasions the normal vpn_ipsec_configure()
+ * will gracefully reload the settings without restarting
+ */
+function vpn_ipsec_force_reload() {
+ global $config;
+ global $g;
+
+ $ipseccfg = $config['ipsec'];
+
+ /* kill any ipsec communications regardless when we are invoked */
+ mwexec("/sbin/ifconfig enc0 down");
+ mwexec("/sbin/ifconfig enc0 destroy");
+
+ /* kill racoon */
+ mwexec("/usr/bin/killall racoon");
+
+ /* wait for process to die */
+ sleep(2);
+
+ /* send a SIGKILL to be sure */
+ sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");
+
+ /* flush SPD and SAD */
+ mwexec("/sbin/setkey -FP");
+ mwexec("/sbin/setkey -F");
+
+ /* wait for flushing to finish */
+ sleep(5);
+
+ /* if ipsec is enabled, start up again */
+ if (isset($ipseccfg['enable'])) {
+ log_error("Forcefully reloading IPSEC racoon daemon");
+ vpn_ipsec_configure();
+ }
+
+}
+
 ?> |
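Review bot: Between `mwexec("/sbin/setkey -FP")` and the `vpn_ipsec_configure()` call at the end of vpn_ipsec_force_reload() the SPD is empty for at least the five-second sleep, so traffic that policy previously forced into a tunnel matches no IPsec policy during that window; whether it can leave in cleartext depends on routing and filter rules that are not visible here. The header comment should say so, for example ` * NOTE: SPD and SAD stay empty until vpn_ipsec_configure() has run; do not rely on IPsec policy to block cleartext during a forced reload`. Separately, `sigkillbypid()` reads racoon.pid two seconds after `killall racoon`; if racoon has already exited and left the pid file behind, the KILL would presumably go to whatever process now holds that PID, so it is worth confirming the pid still belongs to racoon (sigkillbypid() is defined outside this hunk). The result of `vpn_ipsec_configure()` is also discarded; `return vpn_ipsec_configure();` would let callers notice a failed restart.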