Properly check and set "Prefer older IPsec SAs" setting in the config and its associated sysctl. Move setting the sysctl to its own function to avoid code duplication.

author: jim-p <jimp@pfsense.org> 2010-09-22 10:07:15 -0400
committer: jim-p <jimp@pfsense.org> 2010-09-22 10:07:15 -0400
commit: 7b2fdac49b28d638a38c9f51a7222e25d386bcca (patch)
tree: d3167ad755b748c0632995a6c3190dd71d4429a1 /etc
parent: 838feb14e175b8132e9d9c0c5ca8adfc9d187837 (diff)
download: pfsense-7b2fdac49b28d638a38c9f51a7222e25d386bcca.zip
pfsense-7b2fdac49b28d638a38c9f51a7222e25d386bcca.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 92bd73c..488c2d5 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -86,10 +86,7 @@ function vpn_ipsec_configure($ipchg = false)
 	unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
 	touch("{$g['vardb_path']}/ipsecpinghosts");
 
-	if(isset($config['ipsec']['preferoldsa']))
-		mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
-	else
-		mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
+	vpn_ipsec_configure_preferoldsa();
 
 	$syscfg = $config['system'];
 	$ipseccfg = $config['ipsec'];
@@ -1711,4 +1708,11 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
 	return true;
 }
 
+function vpn_ipsec_configure_preferoldsa() {
+	global $config;
+	if(isset($config['ipsec']['preferoldsa']))
+		mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
+	else
+		mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
+}
 ?>
author	jim-p <jimp@pfsense.org>	2010-09-22 10:07:15 -0400
committer	jim-p <jimp@pfsense.org>	2010-09-22 10:07:15 -0400
commit	7b2fdac49b28d638a38c9f51a7222e25d386bcca (patch)
tree	d3167ad755b748c0632995a6c3190dd71d4429a1 /etc
parent	838feb14e175b8132e9d9c0c5ca8adfc9d187837 (diff)
download	pfsense-7b2fdac49b28d638a38c9f51a7222e25d386bcca.zip pfsense-7b2fdac49b28d638a38c9f51a7222e25d386bcca.tar.gz