diff options
| author | Matt Smith <mgsmith@netgate.com> | 2014-07-30 10:57:15 -0500 |
|---|---|---|
| committer | Matt Smith <mgsmith@netgate.com> | 2014-07-30 10:57:15 -0500 |
| commit | fa0a1411026bcbf173fbe6d573dfc260ee883102 (patch) | |
| tree | 9cc23a0423848df5f11d595a1ce7fa01fdefe37e /etc | |
| parent | 63dd9f085120c567bddde8123e3994f984b8f936 (diff) | |
| download | pfsense-fa0a1411026bcbf173fbe6d573dfc260ee883102.zip pfsense-fa0a1411026bcbf173fbe6d573dfc260ee883102.tar.gz | |
Fix for #3785 - 'strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime'
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 92da262..cb84dc4 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -581,9 +581,9 @@ EOD; if (!empty($ph1ent['authentication_method']) && (strpos($ph1ent['authentication_method'], "xauth") || strpos($ph1ent['authentication_method'], "hybrid"))) $xauth = "xauth = server"; - $lifeline = ''; + $ikelifeline = ''; if ($ph1ent['lifetime']) - $lifeline = "ikelifetime = {$ph1ent['lifetime']}s"; + $ikelifeline = "ikelifetime = {$ph1ent['lifetime']}s"; $remoteid_spec = ''; if (($ph2ent['mode'] == 'tunnel') or ($ph2ent['mode'] == 'tunnel6')) { @@ -721,8 +721,9 @@ EOD; } + $ipseclifetime = ''; if ($ph2ent['lifetime']) - $lifeline = "ikelifetime = {$ph2ent['lifetime']}s"; + $ipseclifeline = "lifetime = {$ph2ent['lifetime']}s"; $ipsecconf .=<<<EOD @@ -734,7 +735,8 @@ conn con{$ph2_index}-{$ph1ent['ikeid']} reauth = yes reqid = {$ikeid} installpolicy = yes - {$lifeline} + {$ikelifeline} + {$ipseclifeline} {$tunneltype} {$dpdline} auto = {$passive} |
