From: Michael Tremer Date: Mon, 19 Feb 2018 23:42:17 +0000 (+0000) Subject: IPsec: Try to restart always-on tunnels immediately X-Git-Tag: v2.19-core120~87 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a261cb06c6cdd3ba14ad0163c8c9e714ae94fc5b;p=ipfire-2.x.git IPsec: Try to restart always-on tunnels immediately When a tunnel that is in always-on configuration closes unexpectedly, we can instruct strongSwan to restart it immediately which is precisely what we do now. Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/core/119/filelists/files b/config/rootfiles/core/119/filelists/files index 053cb12788..c8f6cc13bb 100644 --- a/config/rootfiles/core/119/filelists/files +++ b/config/rootfiles/core/119/filelists/files @@ -5,4 +5,5 @@ etc/rc.d/init.d/unbound srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi var/ipfire/langs diff --git a/config/rootfiles/core/119/update.sh b/config/rootfiles/core/119/update.sh index e4c7a77ebe..1231a4941b 100644 --- a/config/rootfiles/core/119/update.sh +++ b/config/rootfiles/core/119/update.sh @@ -73,8 +73,14 @@ rm -vf \ # Start services -# This update need a reboot... -#touch /var/run/need_reboot +# Regenerate IPsec configuration +sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi +if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec restart +fi + +# This update needs a reboot... +touch /var/run/need_reboot # Finish /etc/init.d/fireinfo start diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 17873d62be..2a0351ea04 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -436,6 +436,12 @@ sub writeipsecfiles { if ($start_action eq 'route' && $inactivity_timeout > 0) { print CONF "\tinactivity=$inactivity_timeout\n"; } + + # Restart the connection immediately when it has gone down + # unexpectedly + if ($start_action eq 'start') { + print CONF "\tcloseaction=restart\n"; + } } # Fragmentation