diff options
-rw-r--r-- | etc/inc/vpn.inc | 10 | ||||
-rwxr-xr-x | etc/rc.newipsecdns | 3 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 21 |
3 files changed, 19 insertions, 15 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f591456..278fb45 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -523,6 +523,7 @@ EOD; $natfilterrules = false; /* begin ipsec.conf */ $ipsecconf = ""; + $enablecompression = false; if (is_array($a_phase1) && count($a_phase1)) { $ipsecconf .= "# This file is automatically generated. Do not edit\n"; @@ -824,6 +825,10 @@ EOD; EOD; + if (isset($config['ipsec']['commpression'])) { + $ipsecconnect .= '\tcompress = yes\n'; + $enablecompression = true; + } if (!empty($ikelifeline)) $ipsecconnect .= "\t{$ikelifeline}\n"; if ($ipseclifetime > 0) @@ -884,6 +889,11 @@ EOD; unset($ipsecconf); /* end ipsec.conf */ + if ($enablecompression === true) + set_single_sysctl('net.inet.ipcomp.ipcomp_enable', 1); + else + set_single_sysctl('net.inet.ipcomp.ipcomp_enable', 0); + /* mange process */ if (isvalidpid("{$g['varrun_path']}/charon.pid")) { /* Read secrets */ diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index 431ad93..870283a 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns @@ -54,8 +54,5 @@ $ipseclck = lock('ipsecdns', LOCK_EX); vpn_ipsec_configure(); -if (isset($config['ipsec']['failoverforcereload'])) - vpn_ipsec_force_reload(); - unlock($ipseclck); ?> diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 7ef5783..1ee2f7b 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -46,7 +46,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) { if (!empty($config['ipsec']["ipsec_{$lkey}"])) $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; } -$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); +$pconfig['commpression'] = isset($config['ipsec']['commpression']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); $pconfig['maxmss'] = $config['system']['maxmss']; @@ -129,10 +129,10 @@ if ($_POST) { } } - if($_POST['failoverforcereload'] == "yes") - $config['ipsec']['failoverforcereload'] = true; - elseif (isset($config['ipsec']['failoverforcereload'])) - unset($config['ipsec']['failoverforcereload']); + if($_POST['commpression'] == "yes") + $config['ipsec']['commpression'] = true; + elseif (isset($config['ipsec']['commpression'])) + unset($config['ipsec']['commpression']); if($_POST['acceptunencryptedmainmode'] == "yes") $config['ipsec']['acceptunencryptedmainmode'] = true; @@ -256,15 +256,12 @@ function maxmss_checked(obj) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Reload on Failover"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IP Compression"); ?></td> <td width="78%" class="vtable"> - <input name="failoverforcereload" type="checkbox" id="failoverforcereload" value="yes" <?php if ($pconfig['failoverforcereload']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Force IPsec Reload on Failover"); ?></strong> + <input name="commpression" type="checkbox" id="commpression" value="yes" <?php if ($pconfig['commpression']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable IPCompression"); ?></strong> <br /> - <?=gettext("In some circumstances using a gateway group as the interface for " . - "an IPsec tunnel does not function properly, and IPsec must be forcefully reloaded " . - "when a failover occurs. Because this will disrupt all IPsec tunnels, this behavior" . - " is disabled by default. Check this box to force IPsec to fully reload on failover."); ?> + <?=gettext("IPComp compression of content is proposed on the connectio.n "); ?> </td> </tr> <tr> |