diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-07 16:33:46 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-07 16:35:04 +0100 |
commit | 40cc36d165ebe44f423554e9bc411f17161fea3b (patch) | |
tree | d89ad1829e8453c803c6a0aaca27a5afc59b968d /usr/local | |
parent | 4ab1ffa0b042e4fda87d66de2fd74a1e6db48272 (diff) | |
download | pfsense-40cc36d165ebe44f423554e9bc411f17161fea3b.zip pfsense-40cc36d165ebe44f423554e9bc411f17161fea3b.tar.gz |
Fixes #4182 by properly managing IPcomp on ipsec tunnels.
Also retires IPsec force reloading advanced sysctl since its useless nowdays with strongswan and remove its call on rc.newipsecdns.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 7ef5783..1ee2f7b 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -46,7 +46,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) { if (!empty($config['ipsec']["ipsec_{$lkey}"])) $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; } -$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); +$pconfig['commpression'] = isset($config['ipsec']['commpression']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); $pconfig['maxmss'] = $config['system']['maxmss']; @@ -129,10 +129,10 @@ if ($_POST) { } } - if($_POST['failoverforcereload'] == "yes") - $config['ipsec']['failoverforcereload'] = true; - elseif (isset($config['ipsec']['failoverforcereload'])) - unset($config['ipsec']['failoverforcereload']); + if($_POST['commpression'] == "yes") + $config['ipsec']['commpression'] = true; + elseif (isset($config['ipsec']['commpression'])) + unset($config['ipsec']['commpression']); if($_POST['acceptunencryptedmainmode'] == "yes") $config['ipsec']['acceptunencryptedmainmode'] = true; @@ -256,15 +256,12 @@ function maxmss_checked(obj) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Reload on Failover"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IP Compression"); ?></td> <td width="78%" class="vtable"> - <input name="failoverforcereload" type="checkbox" id="failoverforcereload" value="yes" <?php if ($pconfig['failoverforcereload']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Force IPsec Reload on Failover"); ?></strong> + <input name="commpression" type="checkbox" id="commpression" value="yes" <?php if ($pconfig['commpression']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable IPCompression"); ?></strong> <br /> - <?=gettext("In some circumstances using a gateway group as the interface for " . - "an IPsec tunnel does not function properly, and IPsec must be forcefully reloaded " . - "when a failover occurs. Because this will disrupt all IPsec tunnels, this behavior" . - " is disabled by default. Check this box to force IPsec to fully reload on failover."); ?> + <?=gettext("IPComp compression of content is proposed on the connectio.n "); ?> </td> </tr> <tr> |