summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorSeth Mos <seth.mos@xs4all.nl>2007-05-20 16:51:02 +0000
committerSeth Mos <seth.mos@xs4all.nl>2007-05-20 16:51:02 +0000
commit36db0082a3947b32ed0588f4750054b197c5e859 (patch)
tree9e70fce2a06050bbca6d7e921ff1978c06bd8a89 /etc
parentfb7e4ba1a45117b8f19102de2cbed89df3b0aea6 (diff)
downloadpfsense-36db0082a3947b32ed0588f4750054b197c5e859.zip
pfsense-36db0082a3947b32ed0588f4750054b197c5e859.tar.gz
Commit forgotten vpn_ipsec_force_reload()
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/vpn.inc35
1 files changed, 35 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 07f4481..2aebb32 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1093,4 +1093,39 @@ EOD;
return 0;
}
+/* Forcefully restart IPSEC
+ * This is required for when dynamic interfaces reload
+ * For all other occasions the normal vpn_ipsec_configure()
+ * will gracefully reload the settings without restarting
+ */
+function vpn_ipsec_force_reload() {
+ global $config;
+ global $g;
+
+ $ipseccfg = $config['ipsec'];
+
+ /* kill racoon */
+ mwexec("/usr/bin/killall racoon");
+
+ /* wait for process to die */
+ sleep(2);
+
+ /* send a SIGKILL to be sure */
+ sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");
+
+ /* flush SPD and SAD */
+ mwexec("/sbin/setkey -FP");
+ mwexec("/sbin/setkey -F");
+
+ /* wait for flushing to finish */
+ sleep(5);
+
+ /* if ipsec is enabled, start up again */
+ if (isset($ipseccfg['enable'])) {
+ log_error("Forcefully reloading IPSEC racoon daemon");
+ vpn_ipsec_configure();
+ }
+
+}
+
?>
OpenPOWER on IntegriCloud