diff options
Diffstat (limited to 'etc/inc/vpn.inc')
| -rw-r--r-- | etc/inc/vpn.inc | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 07f4481..2aebb32 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1093,4 +1093,39 @@ EOD; return 0; } +/* Forcefully restart IPSEC + * This is required for when dynamic interfaces reload + * For all other occasions the normal vpn_ipsec_configure() + * will gracefully reload the settings without restarting + */ +function vpn_ipsec_force_reload() { + global $config; + global $g; + + $ipseccfg = $config['ipsec']; + + /* kill racoon */ + mwexec("/usr/bin/killall racoon"); + + /* wait for process to die */ + sleep(2); + + /* send a SIGKILL to be sure */ + sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); + + /* flush SPD and SAD */ + mwexec("/sbin/setkey -FP"); + mwexec("/sbin/setkey -F"); + + /* wait for flushing to finish */ + sleep(5); + + /* if ipsec is enabled, start up again */ + if (isset($ipseccfg['enable'])) { + log_error("Forcefully reloading IPSEC racoon daemon"); + vpn_ipsec_configure(); + } + +} + ?> |
