author | Seth Mos <seth.mos@xs4all.nl> | 2007-05-20 16:51:02 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2007-05-20 16:51:02 +0000 |
commit | 36db0082a3947b32ed0588f4750054b197c5e859 (patch) | |
tree | 9e70fce2a06050bbca6d7e921ff1978c06bd8a89 /etc | |
parent | fb7e4ba1a45117b8f19102de2cbed89df3b0aea6 (diff) | |
download | pfsense-36db0082a3947b32ed0588f4750054b197c5e859.zip pfsense-36db0082a3947b32ed0588f4750054b197c5e859.tar.gz |
Commit forgotten vpn_ipsec_force_reload()
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 07f4481..2aebb32 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1093,4 +1093,39 @@ EOD;
 return 0;
 }
 
+/* Forcefully restart IPSEC
+ * This is required for when dynamic interfaces reload
+ * For all other occasions the normal vpn_ipsec_configure()
+ * will gracefully reload the settings without restarting
+ */
+function vpn_ipsec_force_reload() {
+ global $config;
+ global $g;
+
+ $ipseccfg = $config['ipsec'];
+
+ /* kill racoon */
+ mwexec("/usr/bin/killall racoon");
+
+ /* wait for process to die */
+ sleep(2);
+
+ /* send a SIGKILL to be sure */
+ sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");
+
+ /* flush SPD and SAD */
+ mwexec("/sbin/setkey -FP");
+ mwexec("/sbin/setkey -F");
+
+ /* wait for flushing to finish */
+ sleep(5);
+
+ /* if ipsec is enabled, start up again */
+ if (isset($ipseccfg['enable'])) {
+ log_error("Forcefully reloading IPSEC racoon daemon");
+ vpn_ipsec_configure();
+ }
+
+}
+
 ?> |
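Review bot: Between `mwexec("/sbin/setkey -FP");` and the later `vpn_ipsec_configure()` call, the `sleep(5)` guarantees at least five seconds with no security policy loaded. Whether tunnel-bound packets can leave unprotected in that window depends on routing and filter rules not visible in this hunk, so that should be confirmed and recorded in the header comment, for example `* NOTE: no SPD entries exist until vpn_ipsec_configure() returns; filter rules must keep tunnel traffic from leaving unprotected`. The teardown is also logged only inside the `isset($ipseccfg['enable'])` branch, after the kill and both flushes, so a forced SA/SPD flush with IPsec disabled leaves no log entry. Moving `log_error("Forcefully reloading IPSEC racoon daemon");` above the `killall` line would record every invocation. The results of both `setkey` calls are discarded, so a failed flush looks the same as a successful one to the caller and in the log.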