fix for IPsec timeouts/issues with large frames

author: Chris Buechler <cmb@pfsense.org> 2009-01-31 19:35:39 -0500
committer: Chris Buechler <cmb@pfsense.org> 2009-01-31 19:35:39 -0500
commit: 554e22118b4611737d728789cc6cc5e30dbdbb4a (patch)
tree: 00ad07ab87117b400febd6b336e0e9e5df1d910d /etc
parent: bc9b5f338087dab3d75d3ebbaabfc24ca283ec25 (diff)
download: pfsense-554e22118b4611737d728789cc6cc5e30dbdbb4a.zip
pfsense-554e22118b4611737d728789cc6cc5e30dbdbb4a.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 30bcc1b..2700e3c 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -99,6 +99,11 @@ function vpn_ipsec_configure($ipchg = false) {
 
 	mwexec("/sbin/ifconfig enc0 create", true);
 	mwexec("/sbin/ifconfig enc0 up", true);
+	
+	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
+	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
+	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
+	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
 
 	/* get the automatic /etc/ping_hosts.sh ready */
 	unlink_if_exists("/var/db/ipsecpinghosts");
author	Chris Buechler <cmb@pfsense.org>	2009-01-31 19:35:39 -0500
committer	Chris Buechler <cmb@pfsense.org>	2009-01-31 19:35:39 -0500
commit	554e22118b4611737d728789cc6cc5e30dbdbb4a (patch)
tree	00ad07ab87117b400febd6b336e0e9e5df1d910d /etc
parent	bc9b5f338087dab3d75d3ebbaabfc24ca283ec25 (diff)
download	pfsense-554e22118b4611737d728789cc6cc5e30dbdbb4a.zip pfsense-554e22118b4611737d728789cc6cc5e30dbdbb4a.tar.gz