/usr/local/www/vpn_ipsec_settings.php - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 58c58dcf

Added by Chris Buechler over 10 years ago

ID 58c58dcfa7b13aef5e3a0997bce61018fba6d3ec
Parent 8f5f40c9
Child 3cd4406f, 86481f75, ec67423b, cb743abb

Remove "Prefer old SA" option, and ignore it in all existing configurations. Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.

     require_once("ipsec.inc");
     require_once("vpn.inc");
     $pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
     foreach ($ipsec_loglevels as $lkey => $ldescr) {
     	if (!empty($config['ipsec']["ipsec_{$lkey}"]))
     		$pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
-...
     	if (!$input_errors) {
     		if($_POST['preferoldsa_enable'] == "yes")
     			$config['ipsec']['preferoldsa'] = true;
     		elseif (isset($config['ipsec']['preferoldsa']))
     			unset($config['ipsec']['preferoldsa']);
     		if (is_array($config['ipsec'])) {
     			foreach ($ipsec_loglevels as $lkey => $ldescr) {
     				if (empty($_POST["ipsec_{$lkey}"])) {
-...
     		else
     			$savemsg = gettext($retval);
     		vpn_ipsec_configure_preferoldsa();
     		vpn_ipsec_configure($needsrestart);
     		vpn_ipsec_configure_loglevels();
-...
     					<tr>
     						<td colspan="2" valign="top" class="listtopic"><?=gettext("IPsec Advanced Settings"); ?></td>
     					</tr>
     					<tr>
     						<td width="22%" valign="top" class="vncell"><?=gettext("Security Associations"); ?></td>
     						<td width="78%" class="vtable">
     							<input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked=\"checked\""; ?> />
     							<strong><?=gettext("Prefer older IPsec SAs"); ?></strong>
     							<br />
     							<?=gettext("By default, if several SAs match, the newest one is " .
     							"preferred if it's at least 30 seconds old. Select this " .
     							"option to always prefer old SAs over new ones."); ?>
     						</td>
     					</tr>
     					<tr>
     						<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td>
     						<td width="78%" class="vtable">

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 58c58dcf

Added by Chris Buechler over 10 years ago