diff options
| author | Marat Nepomnyashy <marat@vyatta.com> | 2008-01-24 14:19:42 -0800 |
|---|---|---|
| committer | Marat Nepomnyashy <marat@vyatta.com> | 2008-01-24 14:19:42 -0800 |
| commit | a6a936db1296ba09e0267cc169d588fe061b53f7 (patch) | |
| tree | a4ce32cbadb9e1789c3369a786b84cc530327c32 | |
| parent | 375bf795e22c12149dcf5d3ec2b45f213fd39a19 (diff) | |
| download | vyatta-cfg-vpn-a6a936db1296ba09e0267cc169d588fe061b53f7.tar.gz vyatta-cfg-vpn-a6a936db1296ba09e0267cc169d588fe061b53f7.zip | |
Treat ipsec return code 26624 as normal when bringing up a connection, but treat all other error codes as errors. Bug 2671 fix. Also added settings 'nhelpers=5' to mitigate Openswan Bug 412 and 'plutowait=yes' to mitigate Openswan Bug 198.
| -rwxr-xr-x | scripts/vpn-config.pl | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 56bcff9..561ebe2 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -317,6 +317,9 @@ if ($vcVPN->exists('ipsec')) { $genout .= "\tplutodebug=\"$debugmode\"\n"; } + $genout .= "\tnhelpers=5\n"; + $genout .= "\tplutowait=yes\n"; + # # Disable implicit connections # @@ -915,10 +918,14 @@ sub vpn_exec { print LOG "Output:\n$cmd_out\n---\n"; print LOG "Return code: $?\n"; if ($?) { -# $error = 1; ignore execution errors for now - print LOG "VPN commit error. Unable to $desc, received error code $?\n"; - print STDERR "VPN commit error. Unable to $desc, received error code $?\n"; - print STDERR "$cmd_out\n"; + if ($? == 26624 && ($command =~ /^ipsec auto --asynchronous --up/g)) { + print LOG "Return code 26624 OK when bringing up VPN connection.\n"; + } else { + $error = 1; + print LOG "VPN commit error. Unable to $desc, received error code $?\n"; + print STDERR "VPN commit error. Unable to $desc, received error code $?\n"; + print STDERR "$cmd_out\n"; + } } } else { print LOG "Execution not performed due to previous error.\n"; |