author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-31 10:21:41 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-31 10:21:41 -0500 |
commit | 524999ece863bd7f4624cb8d3b223d7781b21914 (patch) | |
tree | 1fad18f68d765c6cc9f97f6feb23fe3d91ca751a /src/etc/inc | |
parent | 5f0b15e5e04a6dfa3cd8a0896eb9608622c2eda8 (diff) | |
It is not necessary to manually disable the IPSEC processing when not used.
With the recent IPSEC changes by gnn@, there is no more performance penalty
for 1G networks if you have IPSEC compiled in kernel but not used.
TAG: tryforward
Diffstat (limited to 'src/etc/inc')
-rw-r--r-- | src/etc/inc/vpn.inc | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 692f9fe..e94110d 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -143,9 +143,8 @@ function vpn_ipsec_configure($restart = false) {
  /* wait for process to die */
  sleep(2);
- /* disallow IPSEC, it is off */
+ /* IPSEC is off, shutdown enc interface. */
  mwexec("/sbin/ifconfig enc0 down");
- set_single_sysctl("net.inet.ip.ipsec_in_use", "0");
  return 0;
  }
@@ -160,7 +159,6 @@ function vpn_ipsec_configure($restart = false) {
  $crlpath = "{$g['varetc_path']}/ipsec/ipsec.d/crls";
  mwexec("/sbin/ifconfig enc0 up");
- set_single_sysctl("net.inet.ip.ipsec_in_use", "1");
  if (php_uname('m') != "amd64") {
  set_single_sysctl("net.inet.ipsec.directdispatch", "0");
  }
 |
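Review bot: The enable path in the second hunk no longer sets `net.inet.ip.ipsec_in_use` to "1", and nothing in the visible code records that this is only safe on a kernel carrying the IPSEC changes the commit message refers to. If this script were ever paired with a kernel that still has the knob and defaults it to off (an assumption, since the kernel side is not shown), IPsec processing would presumably stay disabled while the tunnels appear configured. The same dependency applies to the first hunk, where the "0" write is dropped from the disable path. I would state the requirement next to the `mwexec("/sbin/ifconfig enc0 up");` line, for example `/* net.inet.ip.ipsec_in_use is no longer toggled here; requires a kernel with the tryforward IPSEC changes. */`. The body of vpn_ipsec_configure() starts and ends outside both hunks, so any remaining references to the sysctl elsewhere in the function cannot be checked from here.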