Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 8a2bb85..1933e9f 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -86,7 +86,7 @@ function vpn_ipsec_configure($ipchg = false) unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); - if(isset($config['ipsec']['preferredoldsa'])) + if(isset($config['ipsec']['preferoldsa'])) mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); else mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); @@ -103,21 +103,21 @@ function vpn_ipsec_configure($ipchg = false) if (!isset($ipseccfg['enable'])) { mwexec("/sbin/ifconfig enc0 down"); + /* send a SIGKILL to be sure */ + sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); + /* kill racoon */ if(is_process_running("racoon")) mwexec("/usr/bin/killall racoon", true); killbypid("{$g['varrun_path']}/dnswatch-ipsec.pid"); - + /* wait for racoon process to die */ sleep(2); - /* send a SIGKILL to be sure */ - sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); - /* flush SPD and SAD */ - mwexec("/usr/local/sbin/setkey -FP"); mwexec("/usr/local/sbin/setkey -F"); - + mwexec("/usr/local/sbin/setkey -FP"); + /* disallow IPSEC, it is off */ // exec("/sbin/sysctl net.inet.ip.ipsec_in_use=0"); @@ -162,7 +162,7 @@ function vpn_ipsec_configure($ipchg = false) $rg = $ph1ent['remote-gateway']; if (!is_ipaddr($rg)) { - $dnswatch_list[] = $rg; + $dnswatch_list[] = "{$rg} = value"; add_hostname_to_watch($rg); $rg = resolve_retry($rg); if (!$rg) |
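Review bot: A configuration that still carries the old key `preferredoldsa` is now read as unset in the first hunk, so the else branch runs and `net.key.preferred_oldsa` is set to 0 with no log entry. Whether any stored config uses the old spelling is not visible here; if one can, accept both keys for a transition with `if (isset($config['ipsec']['preferoldsa']) || isset($config['ipsec']['preferredoldsa']))`, or migrate the key in the config upgrade path. The `-30` is a magic value and needs a short comment saying what a negative setting means for SA selection. The body of `vpn_ipsec_configure` starts and ends outside this hunk.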
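Review bot: In the second hunk the SIGKILL via `racoon.pid` now runs before `killall racoon`, so the graceful stop and the `sleep(2)` that follow have nothing left to do, and the comment `/* send a SIGKILL to be sure */` describes a fallback that has become the first step. Nothing after the sleep confirms the daemon is gone before `setkey -F` and `setkey -FP` run; a racoon instance not covered by the pid file could presumably re-install SAs after the flush while IPsec is reported as disabled. Either keep the TERM, wait, KILL order, or add a check after the sleep such as `if (is_process_running("racoon")) log_error("racoon still running after kill; SAD/SPD flush may not hold");` and reword the comment to say why the hard kill comes first. The enclosing `if (!isset($ipseccfg['enable']))` block continues past the end of the hunk.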
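Review bot: In the third hunk `$rg` is interpolated into a `key = value` style entry after only a negative test (`!is_ipaddr($rg)`), so a remote-gateway string containing `=`, whitespace or a newline would yield a malformed or extra entry in whatever consumes `$dnswatch_list` (the consumer is outside this hunk). Validate before appending, for example `if (!is_hostname($rg)) { log_error("Invalid IPsec remote gateway hostname"); continue; }`, assuming this code sits inside the phase 1 loop. The literal `value` on the right-hand side reads like a placeholder; a comment stating the entry format the watcher expects, or the real value, should accompany it.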