From 9c04a8c0799335774db5bb163bd59ff510c04e12 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 6 May 2011 22:51:52 -0400
Subject: passive should always be on for mobile clients per racoon man page

---
 etc/inc/vpn.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'etc/inc/vpn.inc')

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 4dc9c6b..b414d4a 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -485,9 +485,9 @@ function vpn_ipsec_configure($ipchg = false)
 					$passive = "";
 					if (isset($ph1ent['mobile'])) {
 						$rgip = "anonymous";
+						$passive = "passive on;";
 						/* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
 						if ($ph1ent['authentication_method'] == "pre_shared_key") {
-							$passive = "passive on;";
 							$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
 							$genp = "on";
 						} else {
-- 
cgit v1.1