
RE: Re: IPSEC diff to test: msg#00022

security.firewalls.pfsense.user

Subject: RE: Re: IPSEC diff to test

I'll try it this week if I get a chance.

Thanks for the patch Bill.
John

-----Original Message-----
From: Bill Marquette
[mailto:bill.marquette-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx]
Sent: Sunday, April 16, 2006 11:56 AM
To: pfSense Discussion List; pfsense
Subject: [pfSense Support] Re: IPSEC diff to test

Nobody? I've made this easier. Just replace /etc/inc/vpn.inc with
the contents of http://www.pfsense.org/~billm/vpn.inc.txt

If this doesn't get tested, it won't get committed and it certainly
won't be part of 1.0. It's already late for beta 3 and we're not
expecting a beta 4, so speak now, or forever hold your peace.

--Bill

On 4/4/06, Bill Marquette
<bill.marquette-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx> wrote:
> Can I get a couple people to try out the following diff? It (I think)
> fixes the 'prefer older sa' option that actually prefers newer SA's
> issue (the one where we tell you to click that option to prefer it :))
> Before I commit this, I'd like some feedback from people that have
> done this to fix ipsec issues as well as people that haven't used this
> option (and can confirm it's not breaking anything). If it's
> absolutely required, I can post a full version of the file, but the
> full install (I know embedded doesn't have it) should have diff and
> patch, so this should apply.
>
> Save to /tmp/vpn.inc.diff and run:
> cd / && patch < /tmp/vpn.inc.diff
> If there are no "rejected" entries, reboot. If it fails - go to
> Diagnostics -> Edit file and update /etc/inc/vpn.inc with
> http://cvstrac.pfsense.com/getfile?f=pfSense/etc/inc/vpn.inc&v=1.89.2.18
>
> Thanks
>
> --Bill
>
>
> Index: vpn.inc
> ===================================================================
> RCS file: /cvsroot/pfSense/etc/inc/vpn.inc,v
> retrieving revision 1.112
> diff -u -r1.112 vpn.inc
> --- vpn.inc 11 Mar 2006 22:45:22 -0000 1.112
> +++ vpn.inc 29 Mar 2006 14:00:23 -0000
> @@ -118,9 +118,9 @@
> }
>
> if(isset($config['ipsec']['preferredoldsa'])) {
> - mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
> + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=30");
> } else {
> - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
> + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=0");
> }
>
> $number_of_gifs = find_last_gif_device();
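
Review bot: The literal 30 in the isset branch, `net.key.preferred_oldsa=30`, is a magic number with no explanation, and the removed else branch used -30, so a reader cannot tell from this hunk whether the value is a flag, a threshold or a duration. Add a comment above the mwexec call stating what the value means and why 30 was chosen. Separately, the hunk swaps which branch enables the behaviour while the config key stays the same: installs that already have `preferredoldsa` set, including those that ticked it as the suggested workaround, will change SA preference on upgrade, so this needs a release note or a config migration. The result of mwexec is also not checked in either branch, so a failed sysctl call would go unnoticed; logging on failure would help.
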
> @@ -1233,4 +1233,4 @@
> return 0;
> }
>
> -?>
> \ No newline at end of file
> +?>
>
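
Review bot: The end-of-file change, replacing `?>` with `?>` plus a trailing newline, is unrelated to the preferred_oldsa fix and should go in as a separate commit so this patch stays limited to the sysctl change. If the end of the file is being touched anyway, consider dropping the closing `?>` from this include file, which removes any chance of trailing whitespace after the tag being emitted as output.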
