From 74e4543842c47efda37e3b078b8e5cc3f54ce9ba Mon Sep 17 00:00:00 2001
From: jim-p <jimp@netgate.com>
Date: Fri, 31 Aug 2018 09:54:39 -0400
Subject: Move IPsec VTI interface cleanup list. Fixes #8858

Generate the cleanup list before the P1 loop but after the initial
interface configuration.
---
 src/etc/inc/vpn.inc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index bd688e1..0f679a1 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -371,6 +371,12 @@ function vpn_ipsec_configure($restart = false) {
 		unset($ipsecpinghosts);
 	}
 	unset($iflist);
+	/* Build a list of all IPsec interfaces configured on the firewall at the OS level */
+	foreach (get_interface_arr() as $thisif) {
+		if (substr($thisif, 0, 5) == "ipsec") {
+			$ipsec_vti_cleanup_ifs[] = $thisif;
+		}
+	}
 
 	$accept_unencrypted = "";
 	if (isset($config['ipsec']['acceptunencryptedmainmode'])) {
@@ -1412,12 +1418,6 @@ EOD;
 				$ipsecconnect .= "\taggressive = {$aggressive}\n";
 			}
 
-			/* Build a list of all IPsec interfaces configured on the firewall at the OS level */
-			foreach (get_interface_arr() as $thisif) {
-				if (substr($thisif, 0, 5) == "ipsec") {
-					$ipsec_vti_cleanup_ifs[] = $thisif;
-				}
-			}
 			if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
 				if (!empty($rightsubnet_spec)) {
 					$ipsecfin = '';
-- 
cgit v1.1