From df4de32d3403e58a45f0e66fccdf67f33e8cde91 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Wed, 22 Jul 2015 15:03:20 -0500 Subject: Add IPsec advanced option for strict CRL checking --- etc/inc/vpn.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'etc/inc/vpn.inc') diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index fb477e4..688e9ca 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -713,6 +713,10 @@ EOD; $ipsecconf .= "# This file is automatically generated. Do not edit\n"; $ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n"; $ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n"; + + if (isset($config['ipsec']['strictcrlpolicy'])) { + $ipsecconf .= "\tstrictcrlpolicy = yes \n"; + } if (!isset($config['ipsec']['noshuntlaninterfaces'])) { if ($config['interfaces']['lan']) { -- cgit v1.1