diff options
| author | jim-p <jimp@pfsense.org> | 2013-06-18 14:00:41 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2013-06-18 14:03:16 -0400 |
| commit | 8744a1130e3a6ddd1c252b35479495c0bdb71271 (patch) | |
| tree | 2b4028a1d6e0eb697916de66d19c9198a5b227be /usr/local/www/system_advanced_misc.php | |
| parent | a27403c4e662eb0ce0b580af09dbf60066005051 (diff) | |
| download | pfsense-8744a1130e3a6ddd1c252b35479495c0bdb71271.zip pfsense-8744a1130e3a6ddd1c252b35479495c0bdb71271.tar.gz | |
Add an option to force IPsec to reload on failover, which is needed in some cases for IPsec to fail from one interface to another. Ticket #2896
Diffstat (limited to 'usr/local/www/system_advanced_misc.php')
| -rw-r--r-- | usr/local/www/system_advanced_misc.php | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 7c0266b..8bcea6f 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -61,6 +61,7 @@ $pconfig['srctrack'] = $config['system']['srctrack']; $pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']); $pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); $pconfig['racoondebug_enable'] = isset($config['ipsec']['racoondebug']); +$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); $pconfig['maxmss'] = $config['system']['maxmss']; $pconfig['powerd_enable'] = isset($config['system']['powerd_enable']); @@ -159,6 +160,11 @@ if ($_POST) { elseif (isset($config['ipsec']['preferoldsa'])) unset($config['ipsec']['preferoldsa']); + if($_POST['failoverforcereload'] == "yes") + $config['ipsec']['failoverforcereload'] = true; + elseif (isset($config['ipsec']['failoverforcereload'])) + unset($config['ipsec']['failoverforcereload']); + $need_racoon_restart = false; if($_POST['racoondebug_enable'] == "yes") { if (!isset($config['ipsec']['racoondebug'])) { @@ -513,6 +519,18 @@ function tmpvar_checked(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Reload on Failover"); ?></td> + <td width="78%" class="vtable"> + <input name="failoverforcereload" type="checkbox" id="failoverforcereload" value="yes" <?php if ($pconfig['failoverforcereload']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Force IPsec Reload on Failover"); ?></strong> + <br /> + <?=gettext("In some circumstances using a gateway group as the interface for " . + "an IPsec tunnel does not function properly, and IPsec must be forcefully reloaded " . + "when a failover occurs. Because this will disrupt all IPsec tunnels, this behavior" . + " is disabled by default. Check this box to force IPsec to fully reload on failover."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Maximum MSS"); ?></td> <td width="78%" class="vtable"> <input name="maxmss_enable" type="checkbox" id="maxmss_enable" value="yes" <?php if ($pconfig['maxmss_enable'] == true) echo "checked=\"checked\""; ?> onclick="maxmss_checked(this)" /> |
