Use a dirty hack to make IKEv1 with multiple phase2 to work correctly with one IKE SA for each subnet

author: Ermal LUÇI <eri@pfsense.org> 2015-04-24 17:30:35 +0200
committer: Ermal LUÇI <eri@pfsense.org> 2015-04-24 17:30:35 +0200
commit: 54dd568af28ebe7b4905fedd3cdf48269e63f001 (patch)
tree: f69bd995bfdf0966ff8b724b4a17b3b8e369daea /etc
parent: 7370c469b38e990751a58f2d6dfac3a043ca9795 (diff)
download: pfsense-54dd568af28ebe7b4905fedd3cdf48269e63f001.zip
pfsense-54dd568af28ebe7b4905fedd3cdf48269e63f001.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 31f907a..193a867 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1172,12 +1172,15 @@ EOD;
 			if (!isset($ph1ent['mobile']) && $keyexchange == 'ikev1') {
 				if (!empty($rightsubnet_spec)) {
 					$ipsecfin = '';
+					$keyingtries = 3;
 					foreach ($rightsubnet_spec as $idx => $rsubnet) {
 						$ipsecfin .= "\nconn con{$ph1ent['ikeid']}00{$idx}\n";
 						if (!empty($reqids[$idx])) {
 							$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
 						}
 						$ipsecfin .= $ipsecconnect;
+						$ipsecfin .= "\tkeyingtries = {$keyingtries}\n";
+						$keyingtries++;
 						$ipsecfin .= "\trightsubnet = {$rsubnet}\n";
 						$ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n";
 					}
author	Ermal LUÇI <eri@pfsense.org>	2015-04-24 17:30:35 +0200
committer	Ermal LUÇI <eri@pfsense.org>	2015-04-24 17:30:35 +0200
commit	54dd568af28ebe7b4905fedd3cdf48269e63f001 (patch)
tree	f69bd995bfdf0966ff8b724b4a17b3b8e369daea /etc
parent	7370c469b38e990751a58f2d6dfac3a043ca9795 (diff)
download	pfsense-54dd568af28ebe7b4905fedd3cdf48269e63f001.zip pfsense-54dd568af28ebe7b4905fedd3cdf48269e63f001.tar.gz