From 62dc93d16624a93956eed0e1cfe261cf02354670 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Thu, 26 Mar 2015 16:46:41 -0500
Subject: Include net.key.preferred_oldsa in the sysctl list, set to 0
 (disable) so it doesn't fall through to the default (1).

---
 etc/inc/globals.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc/inc/globals.inc')

diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index caf06ae..ca1439c 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -166,6 +166,7 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
 	"net.enc.out.ipsec_filter_mask" => "0x0001",
 	"net.enc.in.ipsec_bpf_mask" => "0x0002",
 	"net.enc.in.ipsec_filter_mask" => "0x0002",
+	"net.key.preferred_oldsa" => "0",
 	"net.inet.carp.senderr_demotion_factor" => 0, /* Do not demote CARP for interface send errors */
 	"net.pfsync.carp_demotion_factor" => 0 /* Do not demote CARP for pfsync errors */
 );
-- 
cgit v1.1