diff options
author | Chris Buechler <cmb@pfsense.org> | 2009-01-31 19:35:39 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2009-01-31 19:35:39 -0500 |
commit | 554e22118b4611737d728789cc6cc5e30dbdbb4a (patch) | |
tree | 00ad07ab87117b400febd6b336e0e9e5df1d910d /etc | |
parent | bc9b5f338087dab3d75d3ebbaabfc24ca283ec25 (diff) | |
download | pfsense-554e22118b4611737d728789cc6cc5e30dbdbb4a.zip pfsense-554e22118b4611737d728789cc6cc5e30dbdbb4a.tar.gz |
fix for IPsec timeouts/issues with large frames
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 30bcc1b..2700e3c 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -99,6 +99,11 @@ function vpn_ipsec_configure($ipchg = false) { mwexec("/sbin/ifconfig enc0 create", true); mwexec("/sbin/ifconfig enc0 up", true); + + exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000"); + exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001"); + exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000"); + exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002"); /* get the automatic /etc/ping_hosts.sh ready */ unlink_if_exists("/var/db/ipsecpinghosts"); |