diff options
| author | Pierre POMES <pierre.pomes@gmail.com> | 2012-09-25 08:17:50 -0400 |
|---|---|---|
| committer | Pierre POMES <pierre.pomes@gmail.com> | 2012-09-25 08:18:46 -0400 |
| commit | f00278f1e8cc2a534f13a6f3510aed85ebe11bd4 (patch) | |
| tree | 7ff89581e82e57543e0e15f580d460116f01794f /etc | |
| parent | 687dbc35295b0391c336c4ed005b6181b0b96bcf (diff) | |
| download | pfsense-f00278f1e8cc2a534f13a6f3510aed85ebe11bd4.zip pfsense-f00278f1e8cc2a534f13a6f3510aed85ebe11bd4.tar.gz | |
Ticket #2635: during ipsec reload, do not generate spd for disabled ph1
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 618dec3..36e1ca9 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1834,14 +1834,16 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { } } /* add new SPD policies to replace them */ - $spdconf .= "spdadd {$family} {$local_subnet} " . - "{$remote_subnet} any -P out ipsec " . - "{$phase2['protocol']}/tunnel/{$ep}-" . - "{$rgip}/unique;\n"; - $spdconf .= "spdadd {$family} {$remote_subnet} " . - "{$local_subnet} any -P in ipsec " . - "{$phase2['protocol']}/tunnel/{$rgip}-" . - "{$ep}/unique;\n"; + if (!isset($phase1['disabled'])) { + $spdconf .= "spdadd {$family} {$local_subnet} " . + "{$remote_subnet} any -P out ipsec " . + "{$phase2['protocol']}/tunnel/{$ep}-" . + "{$rgip}/unique;\n"; + $spdconf .= "spdadd {$family} {$remote_subnet} " . + "{$local_subnet} any -P in ipsec " . + "{$phase2['protocol']}/tunnel/{$rgip}-" . + "{$ep}/unique;\n"; + } log_error(sprintf(gettext("Reloading IPsec tunnel '%1\$s'. Previous IP '%2\$s', current IP '%3\$s'. Reloading policy"), $phase1['descr'], $old_gw, $rgip)); |
