diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-04-16 12:34:46 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-04-16 12:37:10 -0500 |
| commit | 0545a75e4c5a9802ce488c73d66b1e13de846776 (patch) | |
| tree | c78dd5e0253cc7be2bb7504516e88f20e766c17e /etc | |
| parent | eee053fe10fe2857f7a6921f893d66a86f090b92 (diff) | |
| download | pfsense-0545a75e4c5a9802ce488c73d66b1e13de846776.zip pfsense-0545a75e4c5a9802ce488c73d66b1e13de846776.tar.gz | |
Always do a filter reload in vpn_ipsec_configure to ensure the ruleset is
updated where necessary in every IPsec change scenario.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index d5efa8a..25fb706 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -107,6 +107,9 @@ function vpn_ipsec_configure($restart = false) /* get the automatic ping_hosts.sh ready */ unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); + + /* service may have been enabled, disabled, or otherwise changed in a way requiring rule updates */ + filter_configure(); $syscfg = $config['system']; $ipseccfg = $config['ipsec']; @@ -123,8 +126,6 @@ function vpn_ipsec_configure($restart = false) mwexec("/sbin/ifconfig enc0 down"); set_single_sysctl("net.inet.ip.ipsec_in_use", "0"); - filter_configure(); - return 0; } |
