Sync up with m0n0wall -> Preffered sa selection

1 files changed, 10 insertions, 0 deletions

diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php
index dc0a76d..72d753d 100755
--- a/usr/local/www/system_advanced.php
+++ b/usr/local/www/system_advanced.php
@@ -51,6 +51,7 @@ $pconfig['maximumstates'] = $config['system']['maximumstates'];
 $pconfig['disablerendevouz'] = $config['system']['disablerendevouz'];
 $pconfig['enableserial'] = $config['system']['enableserial'];
 $pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']);
+$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
 
 if ($_POST) {
 
@@ -146,6 +147,8 @@ if ($_POST) {
 		$config['system']['schedulertype'] = $_POST['schedulertype'];
 		$config['system']['maximumstates'] = $_POST['maximumstates'];
 
+                $config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;
+
 		write_config();
 
 		if (($config['system']['webgui']['certificate'] != $oldcert)
@@ -371,6 +374,13 @@ function update_description(itemnum) {
 					Hint:
 					the &quot;set LAN IP address&quot; option in the console menu  resets this setting as well.</td>
                 </tr>
+		<tr>
+                  <td width="22%" valign="top" class="vncell">IPsec SA preferral</td>
+                  <td width="78%" class="vtable">
+                    <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?>>
+                    <strong>Prefer old IPsec SAs</strong><br>By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old.Select this option to always prefer old SAs over new ones.
+                  </td>
+                </tr>		
                 <tr>
                   <td width="22%" valign="top">&nbsp;</td>
                   <td width="78%">