diff options
Diffstat (limited to 'src/etc/inc/vpn.inc')
-rw-r--r-- | src/etc/inc/vpn.inc | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 1052720..d3bcb47 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -434,19 +434,7 @@ function vpn_ipsec_configure($restart = false) { $i_dont_care_about_security_and_use_aggressive_mode_psk = "i_dont_care_about_security_and_use_aggressive_mode_psk=yes"; } - $unity_enabled = 'yes'; - if (isset($config['ipsec']['unityplugin'])) { - $unity_enabled = 'no'; - if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.so")) { - conf_mount_rw(); - mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.so /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED"); - conf_mount_ro(); - } - } else if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED")) { - conf_mount_rw(); - mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED /usr/local/lib/ipsec/plugins/libstrongswan-unity.so"); - conf_mount_ro(); - } + $unity_enabled = isset($config['ipsec']['unityplugin']) ? 'no' : 'yes'; $makebeforebreak = ''; if (isset($config['ipsec']['makebeforebreak'])) { @@ -487,6 +475,7 @@ charon { ikesa_table_segments = 4 init_limit_half_open = 1000 install_routes = no + load_modular = yes {$i_dont_care_about_security_and_use_aggressive_mode_psk} {$accept_unencrypted} cisco_unity = {$unity_enabled} @@ -507,10 +496,17 @@ charon { } plugins { + # Load defaults + include {$g['varetc_path']}/ipsec/strongswan.d/charon/*.conf + stroke { secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets } + unity { + load = {$unity_enabled} + } + EOD; /* Find RADIUS servers designated for Mobile IPsec user auth */ |