diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-07 22:06:51 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-07 22:06:51 +0100 |
commit | 845f9f78199dcf0ed21d2cf8ca3f68112569503e (patch) | |
tree | 624689c1216925b34e242e0d13ecc58f962ea95b /etc | |
parent | 1ada4c8c514cc33b0df6238b7f2f177078bfe2e8 (diff) | |
download | pfsense-845f9f78199dcf0ed21d2cf8ca3f68112569503e.zip pfsense-845f9f78199dcf0ed21d2cf8ca3f68112569503e.tar.gz |
Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions)
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 60a844f..1bbf221 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -286,6 +286,11 @@ function vpn_ipsec_configure($ipchg = false) log_error("WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration."); $i_dont_care_about_security_and_use_aggressive_mode_psk = "i_dont_care_about_security_and_use_aggressive_mode_psk=yes"; } + + $unity_enabled = 'no'; + if (isset($config['ipsec']['unityplugin'])) + $unity_enabled = 'yes'; + $strongswan = <<<EOD # Automatically generated config file - DO NOT MODIFY. Changes will be overwritten. @@ -302,7 +307,7 @@ init_limit_half_open = 1000 install_routes = no {$i_dont_care_about_security_and_use_aggressive_mode_psk} {$accept_unencrypted} -cisco_unity = yes +cisco_unity = {$unity_enabled} # And two loggers using syslog. The subsections define the facility to log # to, currently one of: daemon, auth. |