Apply a different fix to issue #2993.

Instead of forcing the encrypted traffic in transport mode as ENC_AFTER, just change the mask to allow ENC_BEFORE events. Theoretically, this eliminate the need of ipsec_transport_filterfix.diff. Issue: #2993
author: Luiz Otavio O Souza <luiz@netgate.com> 2015-10-31 09:32:42 -0500
committer: Luiz Otavio O Souza <luiz@netgate.com> 2015-10-31 09:39:26 -0500
commit: dd8df8e138c21941faf0254a412ab2481fa1df17 (patch)
tree: f859ff25c3c18e157c6bbee01057e9c6ab072163 /src/etc/inc/globals.inc
parent: 48d21f07e5b05181a87a0adae08728ae80d753cd (diff)
download: pfsense-dd8df8e138c21941faf0254a412ab2481fa1df17.zip
pfsense-dd8df8e138c21941faf0254a412ab2481fa1df17.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
index adc4f28..7ed8417 100644
--- a/src/etc/inc/globals.inc
+++ b/src/etc/inc/globals.inc
@@ -158,8 +158,8 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
 	"net.inet6.ip6.rfc6204w3" => 1,
 	"net.enc.out.ipsec_bpf_mask" => "0x0001",
 	"net.enc.out.ipsec_filter_mask" => "0x0001",
-	"net.enc.in.ipsec_bpf_mask" => "0x0002",
-	"net.enc.in.ipsec_filter_mask" => "0x0002",
+	"net.enc.in.ipsec_bpf_mask" => "0x0003",
+	"net.enc.in.ipsec_filter_mask" => "0x0003",
 	"net.key.preferred_oldsa" => "0",
 	"net.inet.carp.senderr_demotion_factor" => 0, /* Do not demote CARP for interface send errors */
 	"net.pfsync.carp_demotion_factor" => 0 /* Do not demote CARP for pfsync errors */
author	Luiz Otavio O Souza <luiz@netgate.com>	2015-10-31 09:32:42 -0500
committer	Luiz Otavio O Souza <luiz@netgate.com>	2015-10-31 09:39:26 -0500
commit	dd8df8e138c21941faf0254a412ab2481fa1df17 (patch)
tree	f859ff25c3c18e157c6bbee01057e9c6ab072163 /src/etc/inc/globals.inc
parent	48d21f07e5b05181a87a0adae08728ae80d753cd (diff)
download	pfsense-dd8df8e138c21941faf0254a412ab2481fa1df17.zip pfsense-dd8df8e138c21941faf0254a412ab2481fa1df17.tar.gz