I'll try it this week if I get a chance. Thanks for the patch, Bill.

John
-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 16, 2006 11:56 AM
To: pfSense Discussion List; pfsense
Subject: [pfSense Support] Re: IPSEC diff to test

Nobody? I've made this easier. Just replace /etc/inc/vpn.inc with the contents of http://www.pfsense.org/~billm/vpn.inc.txt

If this doesn't get tested, it won't get committed and it certainly won't be part of 1.0. It's already late for beta 3 and we're not expecting a beta 4, so speak now, or forever hold your peace.

--Bill

On 4/4/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Can I get a couple people to try out the following diff? It (I think)
> fixes the 'prefer older sa' option that actually prefers newer SA's
> issue (the one where we tell you to click that option to prefer it :))
> Before I commit this, I'd like some feedback from people that have
> done this to fix ipsec issues as well as people that haven't used this
> option (and can confirm it's not breaking anything). If it's
> absolutely required, I can post a full version of the file, but the
> full install (I know embedded doesn't have it) should have diff and
> patch, so this should apply.
>
> Save to /tmp/vpn.inc.diff and run:
> cd / && patch < /tmp/vpn.inc.diff
> If there are no "rejected" entries, reboot. If it fails - go to
> Diagnostics -> Edit file and update /etc/inc/vpn.inc with
> http://cvstrac.pfsense.com/getfile?f=pfSense/etc/inc/vpn.inc&v=1.89.2.18
>
> Thanks
>
> --Bill
>
>
> Index: vpn.inc > =================================================================== > RCS file: /cvsroot/pfSense/etc/inc/vpn.inc,v > retrieving revision 1.112 > diff -u -r1.112 vpn.inc > --- vpn.inc 11 Mar 2006 22:45:22 -0000 1.112 > +++ vpn.inc 29 Mar 2006 14:00:23 -0000 
> @@ -118,9 +118,9 @@ > } > > if(isset($config['ipsec']['preferredoldsa'])) { > - mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); > + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=30"); > } else { > - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); > + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=0"); > } > > $number_of_gifs = find_last_gif_device(); > @@ -1233,4 +1233,4 @@ > return 0; > } > > -?> > \ No newline at end of file > +?>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
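
Review bot: in the @@ -118,9 hunk, the value 30 written when $config['ipsec']['preferredoldsa'] is set has no comment explaining it, and it is the sign-flipped form of the -30 that the old else branch wrote, so a reader cannot tell from the code whether 30 is a meaningful magnitude or simply "non-zero". Add a one-line comment above the if stating which values of net.key.preferred_oldsa select the older SA and which select the newer one, so the next reader can confirm the two branches are no longer inverted. Both mwexec() calls also still discard their return value, so a failed sysctl write would leave the kernel setting out of step with the configured option without any trace; checking the result and logging on failure would make that visible.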
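
Review bot: the @@ -1233,4 hunk only adds the missing newline after the closing ?> and is unrelated to the preferred_oldsa fix; mention it in the commit message or commit it separately so the behavioural change stays easy to isolate if it has to be backed out. Since vpn.inc lives under /etc/inc and is pulled in by other scripts, dropping the closing ?> altogether would also remove any chance of stray output after it.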