
IPSEC diff to test: msg#00000

security.firewalls.pfsense.user

Subject: IPSEC diff to test

Can I get a couple people to try out the following diff? It (I think)
fixes the 'prefer older sa' option that actually prefers newer SA's
issue (the one where we tell you to click that option to prefer it :))
Before I commit this, I'd like some feedback from people that have
done this to fix ipsec issues as well as people that haven't used this
option (and can confirm it's not breaking anything). If it's
absolutely required, I can post a full version of the file, but the
full install (I know embedded doesn't have it) should have diff and
patch, so this should apply.

Save to /tmp/vpn.inc.diff and run:
cd / && patch < /tmp/vpn.inc.diff
If there are no "rejected" entries, reboot. If it fails - go to
Diagnostics -> Edit file and update /etc/inc/vpn.inc with
http://cvstrac.pfsense.com/getfile?f=pfSense/etc/inc/vpn.inc&v=1.89.2.18

Thanks

--Bill


Index: vpn.inc
===================================================================
RCS file: /cvsroot/pfSense/etc/inc/vpn.inc,v
retrieving revision 1.112
diff -u -r1.112 vpn.inc
--- vpn.inc 11 Mar 2006 22:45:22 -0000 1.112
+++ vpn.inc 29 Mar 2006 14:00:23 -0000
@@ -118,9 +118,9 @@
}

if(isset($config['ipsec']['preferredoldsa'])) {
- mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
+ mwexec("/sbin/sysctl -w net.key.preferred_oldsa=30");
} else {
- mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
+ mwexec("/sbin/sysctl -w net.key.preferred_oldsa=0");
}

$number_of_gifs = find_last_gif_device();
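
Review bot: the value 30 in the isset($config['ipsec']['preferredoldsa']) branch is a magic number with no comment, and the removed values 0 and -30 give no hint of what range the sysctl accepts. Add a one-line comment above the if stating which value means "prefer old SA" and which means "prefer new SA", so the mapping cannot be inverted again unnoticed. If the kernel only tests the sysctl for zero versus non-zero (an assumption, nothing in this hunk shows it), 1 would read more clearly than 30. The result of mwexec() is also not checked in either branch, so a failed sysctl call would leave the previous setting in place without any trace; logging a failure there would help when debugging tunnels.
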
@@ -1233,4 +1233,4 @@
return 0;
}

-?>
\ No newline at end of file
+?>
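
Review bot: the final hunk only adds a newline after the closing ?> at the end of vpn.inc, which is unrelated to the preferred_oldsa change; commit it separately so the functional fix is easy to review and back out. Since this is an include file, consider dropping the trailing ?> altogether: PHP does not require it at end of file, and any whitespace that ends up after it beyond a single newline is sent as output.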


