From 40d1c6b457e8733241dbe27884e45644d33f3115 Mon Sep 17 00:00:00 2001
From: Saurabh Mohan <saurabh.mohan@vyatta.com>
Date: Mon, 10 Sep 2012 09:58:01 -0700
Subject: Bigfix: 8277: ike responder key attempt only once.

---
 scripts/vpn-config.pl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'scripts')

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 7c7f976..0369f76 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -798,8 +798,6 @@ if ( $vcVPN->exists('ipsec') ) {
         }
       }
 
-      ## explicitly set keyingtries to forever ##
-      $genout .= "\tkeyingtries=%forever\n";      
 
       #
       # Write ESP configuration from group
@@ -1053,13 +1051,16 @@ if ( $vcVPN->exists('ipsec') ) {
       #
       if ($any_peer) {
         $genout .= "\tauto=add\n";
+        $genout .= "\tkeyingtries=%forever\n";      
       } else {
         my $conntype = $vcVPN->returnValue("ipsec site-to-site peer $peer connection-type");
         if (defined ($conntype)){
           if ($conntype eq "initiate"){
             $genout .= "\tauto=start\n";
+            $genout .= "\tkeyingtries=%forever\n";      
           } elsif ($conntype eq "respond"){
             $genout .= "\tauto=add\n";
+            $genout .= "\tkeyingtries=1\n";      
           }
         }
         else{
-- 
cgit v1.2.3