diff options
| author | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-09-10 09:58:01 -0700 |
|---|---|---|
| committer | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-09-10 09:58:01 -0700 |
| commit | 40d1c6b457e8733241dbe27884e45644d33f3115 (patch) | |
| tree | 2127c07cd10b59e9a440652521d9805c9f106bf7 /scripts | |
| parent | 010f81d14bc4974f631ce4e93f9081ff34ec9497 (diff) | |
| download | vyatta-cfg-vpn-40d1c6b457e8733241dbe27884e45644d33f3115.tar.gz vyatta-cfg-vpn-40d1c6b457e8733241dbe27884e45644d33f3115.zip | |
Bigfix: 8277: ike responder key attempt only once.oxnard
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/vpn-config.pl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 7c7f976..0369f76 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -798,8 +798,6 @@ if ( $vcVPN->exists('ipsec') ) { } } - ## explicitly set keyingtries to forever ## - $genout .= "\tkeyingtries=%forever\n"; # # Write ESP configuration from group @@ -1053,13 +1051,16 @@ if ( $vcVPN->exists('ipsec') ) { # if ($any_peer) { $genout .= "\tauto=add\n"; + $genout .= "\tkeyingtries=%forever\n"; } else { my $conntype = $vcVPN->returnValue("ipsec site-to-site peer $peer connection-type"); if (defined ($conntype)){ if ($conntype eq "initiate"){ $genout .= "\tauto=start\n"; + $genout .= "\tkeyingtries=%forever\n"; } elsif ($conntype eq "respond"){ $genout .= "\tauto=add\n"; + $genout .= "\tkeyingtries=1\n"; } } else{ |