diff options
| author | Ryan Riske <ryanriske@gmail.com> | 2014-06-17 12:38:33 -0500 |
|---|---|---|
| committer | Ryan Riske <ryanriske@gmail.com> | 2014-06-17 12:38:33 -0500 |
| commit | 320215ff8e51b0913507b28d0b6e9cafcb781e7e (patch) | |
| tree | b753f4f1ff367408b49aabea5637cf27c4945ccd /scripts | |
| parent | 5e79eac7ae28ba028b3d2e3a0b74ecd7a7b1455a (diff) | |
| download | vyatta-cfg-vpn-320215ff8e51b0913507b28d0b6e9cafcb781e7e.tar.gz vyatta-cfg-vpn-320215ff8e51b0913507b28d0b6e9cafcb781e7e.zip | |
Bug 241: Use auto=route for connection-type respond.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/vpn-config.pl | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 4e56a99..b1d0976 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -1279,10 +1279,11 @@ if ( $vcVPN->exists('ipsec') ) { $genout .= "\tauto=start\n"; $genout .= "\tkeyingtries=%forever\n"; } elsif ($conntype eq "respond"){ - $genout .= "\tauto=add\n"; + $genout .= "\tauto=route\n"; ## We want to act as a responder. Ideally we do not want to ever - ## be a initiator. The best we can do is to not try to attempt - ## keying forever. + ## be a initiator, but we can't avoid it if SPD entries are installed + ## to protect selected traffic from going out unencrypted. The best we + ## can do is to not try to attempt keying forever. $genout .= "\tkeyingtries=1\n"; } } |