diff options
| -rw-r--r-- | etc/inc/vpn.inc | 12 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 18 |
2 files changed, 1 insertions, 29 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 283e455..3ec14de 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -105,8 +105,6 @@ function vpn_ipsec_configure($restart = false) unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); - vpn_ipsec_configure_preferoldsa(); - $syscfg = $config['system']; $ipseccfg = $config['ipsec']; if (!isset($ipseccfg['enable'])) { @@ -1771,12 +1769,4 @@ EOD; return 0; } -function vpn_ipsec_configure_preferoldsa() { - global $config; - if(isset($config['ipsec']['preferoldsa'])) - set_single_sysctl("net.key.preferred_oldsa", "-30"); - else - set_single_sysctl("net.key.preferred_oldsa", "0"); -} - -?> +?>
\ No newline at end of file diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 5c3ea27..39c1862 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -41,7 +41,6 @@ require_once("shaper.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); -$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); foreach ($ipsec_loglevels as $lkey => $ldescr) { if (!empty($config['ipsec']["ipsec_{$lkey}"])) $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; @@ -115,11 +114,6 @@ if ($_POST) { if (!$input_errors) { - if($_POST['preferoldsa_enable'] == "yes") - $config['ipsec']['preferoldsa'] = true; - elseif (isset($config['ipsec']['preferoldsa'])) - unset($config['ipsec']['preferoldsa']); - if (is_array($config['ipsec'])) { foreach ($ipsec_loglevels as $lkey => $ldescr) { if (empty($_POST["ipsec_{$lkey}"])) { @@ -182,7 +176,6 @@ if ($_POST) { else $savemsg = gettext($retval); - vpn_ipsec_configure_preferoldsa(); vpn_ipsec_configure($needsrestart); vpn_ipsec_configure_loglevels(); @@ -243,17 +236,6 @@ function maxmss_checked(obj) { <td colspan="2" valign="top" class="listtopic"><?=gettext("IPsec Advanced Settings"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Security Associations"); ?></td> - <td width="78%" class="vtable"> - <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Prefer older IPsec SAs"); ?></strong> - <br /> - <?=gettext("By default, if several SAs match, the newest one is " . - "preferred if it's at least 30 seconds old. Select this " . - "option to always prefer old SAs over new ones."); ?> - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td> <td width="78%" class="vtable"> <strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong> |
