diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-04-24 17:33:18 +0200 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-04-24 17:33:18 +0200 |
commit | 6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79 (patch) | |
tree | 7af85506319e84255d29bc938887823d54765e60 /etc | |
parent | 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c (diff) | |
download | pfsense-6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79.zip pfsense-6d7e7c0c5cd8ec613235cd9f2a01f60bb7c32c79.tar.gz |
Provide a description for the dirty hack to not come back scratching.... on it
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index c4b8670..0138c03 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1080,6 +1080,11 @@ EOD; if (!empty($reqids[$idx])) $ipsecfin .= "\treqid = " . $reqids[$idx] . "\n"; $ipsecfin .= $ipsecconnect; + /* + * This is for making strongswan consider the various similar + * connection profiles as different and forces it to create + * separate IKE SAs for each subnet from P2 + */ $ipsecfin .= "\tkeyingtries = {$keyingtries}\n"; $keyingtries++; $ipsecfin .= "\trightsubnet = {$rsubnet}\n"; |