summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--etc/inc/vpn.inc19
-rwxr-xr-xetc/rc.newwanip4
-rwxr-xr-xetc/rc.newwanipv64
3 files changed, 20 insertions, 7 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 787abd4..d43c069 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -998,12 +998,25 @@ EOD;
* For all other occasions the normal vpn_ipsec_configure()
* will gracefully reload the settings without restarting
*/
-function vpn_ipsec_force_reload() {
- global $config;
- global $g;
+function vpn_ipsec_force_reload($interface = "") {
+ global $g, $config;
$ipseccfg = $config['ipsec'];
+ if (!empty($interface) && is_array($ipseccfg['phase1'])) {
+ $found = false;
+ foreach ($ipseccfg['phase1'] as $ipsec) {
+ if (!isset($ipsec['disabled']) && ($ipsec['interface'] == $interface)) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ log_error(sprintf(gettext("Ignoring IPsec racoon daemon reload since there are no tunnels on interface %s"), $interface));
+ return;
+ }
+ }
+
/* send a SIGKILL to be sure */
killbypid("{$g['varrun_path']}/racoon.pid");
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index d678927..00c3ac3 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -171,7 +171,7 @@ if (is_ipaddr($oldip) && $curwanip == $oldip) {
* could be failing back in which case we need to switch IPs back anyhow. */
/* reconfigure IPsec tunnels */
- vpn_ipsec_force_reload();
+ vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
@@ -194,7 +194,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */
-vpn_ipsec_force_reload();
+vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
diff --git a/etc/rc.newwanipv6 b/etc/rc.newwanipv6
index 1bd4553..287ea6a 100755
--- a/etc/rc.newwanipv6
+++ b/etc/rc.newwanipv6
@@ -135,7 +135,7 @@ if (is_ipaddrv6($oldipv6)) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
/* reconfigure IPsec tunnels */
- vpn_ipsec_force_reload();
+ vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
openvpn_resync_all($interface);
@@ -154,7 +154,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */
-vpn_ipsec_force_reload();
+vpn_ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
OpenPOWER on IntegriCloud