Disable all IPsec P1 entries when old version has IPsec globally disabled. Fixes #5699

author: Renato Botelho <renato@netgate.com> 2015-12-28 12:36:01 -0200
committer: Renato Botelho <renato@netgate.com> 2015-12-28 12:36:14 -0200
commit: 33baf237b1e09a6b15361e28466a5a94af95b297 (patch)
tree: a16e6749e71241e50a5c74698f8ee19b5ce9afd3 /src/etc/inc/upgrade_config.inc
parent: 23f4c08f0ba22b517b20f66f912f876018ed6d59 (diff)
download: pfsense-33baf237b1e09a6b15361e28466a5a94af95b297.zip
pfsense-33baf237b1e09a6b15361e28466a5a94af95b297.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index 45cc76c..6867522 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -4119,6 +4119,14 @@ function upgrade_128_to_129() {
 	/* IPSEC is always on in 2.3. */
 	if (isset($config['ipsec']['enable'])) {
 		unset($config['ipsec']['enable']);
+	} else if (is_array($config['ipsec']['phase1'])) {
+		/*
+		 * If IPsec was globally disabled, disable all
+		 * phase1 entries
+		 */
+		foreach ($config['ipsec']['phase1'] as $idx => $p1) {
+			$config['ipsec']['phase1'][$idx]['disabled'] = true;
+		}
 	}
 }
author	Renato Botelho <renato@netgate.com>	2015-12-28 12:36:01 -0200
committer	Renato Botelho <renato@netgate.com>	2015-12-28 12:36:14 -0200
commit	33baf237b1e09a6b15361e28466a5a94af95b297 (patch)
tree	a16e6749e71241e50a5c74698f8ee19b5ce9afd3 /src/etc/inc/upgrade_config.inc
parent	23f4c08f0ba22b517b20f66f912f876018ed6d59 (diff)
download	pfsense-33baf237b1e09a6b15361e28466a5a94af95b297.zip pfsense-33baf237b1e09a6b15361e28466a5a94af95b297.tar.gz