diff options
author | Seth Mos <seth.mos@xs4all.nl> | 2008-01-14 21:37:47 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2008-01-14 21:37:47 +0000 |
commit | abd9c0367f5dc355f3b857c2a97dc0bfa5f3fa6b (patch) | |
tree | c24de667757c43b3fe46d74339c8a01660e1faab /etc | |
parent | 0aeab9f19fba431950a78c974cf7bfd9cace8bbe (diff) | |
download | pfsense-abd9c0367f5dc355f3b857c2a97dc0bfa5f3fa6b.zip pfsense-abd9c0367f5dc355f3b857c2a97dc0bfa5f3fa6b.tar.gz |
Make 3 passes at loading the SPD entries as this will fail on large configurations > 250 tunnels
Tested by smos@ 399 tunnels 239 active, ok by sullrich@
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index d0cf224..430dda9 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -568,26 +568,29 @@ EOD; chmod("{$g['varetc_path']}/psk.txt", 0600); if(is_process_running("racoon")) { + /* flush SPD entries */ + mwexec("/sbin/setkey -FP"); + // mwexec("/sbin/setkey -F"); + $i = 0; + while($i < 2) { + /* load SPD */ + mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); + $i++; + } /* We are already online, reload */ mwexec("/usr/bin/killall -HUP racoon"); - // sleep(2); - /* flushie, flushie spds */ + } else { + /* flush SA + SPD entries */ mwexec("/sbin/setkey -FP"); mwexec("/sbin/setkey -F"); - /* load SPD */ - mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); - sleep(1); - } else { + $i = 0; + while($i < 2) { + /* load SPD */ + mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); + $i++; + } /* start racoon */ mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf"); - /* sleep for a bit */ - // sleep (2); - /* flushie, flushie spds */ - mwexec("/sbin/setkey -FP"); - mwexec("/sbin/setkey -F"); - /* load SPD */ - mwexec("/bin/cat {$g['varetc_path']}/spd.conf | /usr/local/bin/slowdownpipe.sh | /sbin/setkey -c"); - sleep(1); } } } |