From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 4 Aug 2017 13:29:41 +0000 (+0000)
Subject: ipsec: Fix DPD configuration
X-Git-Tag: 009~64
X-Git-Url: http://git.ipfire.org/?p=people%2Fms%2Fnetwork.git;a=commitdiff_plain;h=4e271faaea7e58cd25b7ae62f06e5a5685b253da

ipsec: Fix DPD configuration

dpd_action has to go into the children section

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index f324369c..03aefcdd 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -968,6 +968,12 @@ _ipsec_connection_to_strongswan_connection() {
 		return ${EXIT_ERROR}
 	fi
 
+	# Is DPD enabled?
+	local dpd="false"
+	if isset DPD_DELAY && isinteger DPD_DELAY && [ ${DPD_DELAY} -gt 0 ]; then
+		dpd="true"
+	fi
+
 	print_indent 0 "connections {"
 	print_indent 1 "${connection} {"
 
@@ -1009,10 +1015,8 @@ _ipsec_connection_to_strongswan_connection() {
 	print
 
 	# DPD Settings
-	if isset DPD_DELAY && isinteger DPD_DELAY && [ ${DPD_DELAY} -gt 0 ]; then
+	if enabled dpd; then
 		print_indent 2 "# Dead Peer Detection"
-
-		print_indent 2 "dpd_action = ${DPD_ACTION}"
 		print_indent 2 "dpd_delay = ${DPD_DELAY}"
 
 		if isset DPD_TIMEOUT; then
@@ -1103,6 +1107,13 @@ _ipsec_connection_to_strongswan_connection() {
 	print_indent 4 "mark_out = %unique"
 	print
 
+	# Dead Peer Detection
+	if enabled dpd; then
+		print_indent 4 "# Dead Peer Detection"
+		print_indent 4 "dpd_action = ${DPD_ACTION}"
+		print
+	fi
+
 	# Rekeying
 	if isset LIFETIME; then
 		print_indent 4 "# Rekey Time"