diff options
author | Seth Mos <seth.mos@xs4all.nl> | 2009-01-16 08:28:27 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2009-01-16 08:28:27 +0000 |
commit | 2c64a07a657e7e879037f0ecfc7ca39233c8c33a (patch) | |
tree | afa694eb887153649ff0442d11a001c6fe8a0aa0 /etc | |
parent | bf92bc791de6b04246c7a2f67945ce1412906d95 (diff) | |
download | pfsense-2c64a07a657e7e879037f0ecfc7ca39233c8c33a.zip pfsense-2c64a07a657e7e879037f0ecfc7ca39233c8c33a.tar.gz |
Make sure we match the right SPI to src and dst address, otherwise the purge of the old
spi fails.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 2cd4043..30bcc1b 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1260,10 +1260,10 @@ function reload_tunnel_spd_policy($tunnel, $oldtunnel) { /* zap any existing SA entries beforehand */ foreach($sad_arr as $sad) { if(($sad['dst'] == $ep) && ($sad['src'] == $rgip)) { - $spdconf .= "delete {$ep} {$rgip} {$tunnel['p2']['protocol']} 0x{$sad['spi']};\n"; + $spdconf .= "delete {$rgip} {$ep} {$tunnel['p2']['protocol']} 0x{$sad['spi']};\n"; } if(($sad['src'] == $ep) && ($sad['dst'] == $rgip)) { - $spdconf .= "delete {$rgip} {$ep} {$tunnel['p2']['protocol']} 0x{$sad['spi']};\n"; + $spdconf .= "delete {$ep} {$rgip} {$tunnel['p2']['protocol']} 0x{$sad['spi']};\n"; } } /* add new SPD policies to replace them */ |