diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-04-24 17:30:35 +0200 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-04-24 17:30:50 +0200 |
commit | 7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c (patch) | |
tree | dd3997abc3e925db3ecff692a1be4eb027f80c98 /etc | |
parent | 6ed34650a77fa09036207f62e5fcdfca291fbada (diff) | |
download | pfsense-7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.zip pfsense-7d5add01e48bab8d82d5a5699325fa7b6aeb4e5c.tar.gz |
Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with one IKE SA for each subnet
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 3e60e1a..c4b8670 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1074,11 +1074,14 @@ EOD; if (!isset($ph1ent['mobile']) && $keyexchange == 'ikev1') { if (!empty($rightsubnet_spec)) { $ipsecfin = ''; + $keyingtries = 3; foreach ($rightsubnet_spec as $idx => $rsubnet) { $ipsecfin .= "\nconn con{$ph1ent['ikeid']}00{$idx}\n"; if (!empty($reqids[$idx])) $ipsecfin .= "\treqid = " . $reqids[$idx] . "\n"; $ipsecfin .= $ipsecconnect; + $ipsecfin .= "\tkeyingtries = {$keyingtries}\n"; + $keyingtries++; $ipsecfin .= "\trightsubnet = {$rsubnet}\n"; $ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n"; } |