Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with one IKE SA for each subnet

author: Ermal LUÇI <eri@pfsense.org> 2015-04-24 17:30:35 +0200
committer: Ermal LUÇI <eri@pfsense.org> 2015-04-24 17:30:50 +0200
commit: 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c (patch)
tree: dd3997abc3e925db3ecff692a1be4eb027f80c98 /etc
parent: 6ed34650a77fa09036207f62e5fcdfca291fbada (diff)
download: pfsense-7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.zip
pfsense-7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 3e60e1a..c4b8670 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1074,11 +1074,14 @@ EOD;
 			if (!isset($ph1ent['mobile']) && $keyexchange == 'ikev1') {
 				if (!empty($rightsubnet_spec)) {
 					$ipsecfin = '';
+					$keyingtries = 3;
 					foreach ($rightsubnet_spec as $idx => $rsubnet) {
 						$ipsecfin .= "\nconn con{$ph1ent['ikeid']}00{$idx}\n";
 						if (!empty($reqids[$idx]))
 							$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
 						$ipsecfin .= $ipsecconnect;
+						$ipsecfin .= "\tkeyingtries = {$keyingtries}\n";
+						$keyingtries++;
 						$ipsecfin .= "\trightsubnet = {$rsubnet}\n";
 						$ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n";
 					}
author	Ermal LUÇI <eri@pfsense.org>	2015-04-24 17:30:35 +0200
committer	Ermal LUÇI <eri@pfsense.org>	2015-04-24 17:30:50 +0200
commit	7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c (patch)
tree	dd3997abc3e925db3ecff692a1be4eb027f80c98 /etc
parent	6ed34650a77fa09036207f62e5fcdfca291fbada (diff)
download	pfsense-7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.zip pfsense-7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.tar.gz