diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f5914567ba..278fb45b13 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -523,6 +523,7 @@ EOD; $natfilterrules = false; /* begin ipsec.conf */ $ipsecconf = ""; + $enablecompression = false; if (is_array($a_phase1) && count($a_phase1)) { $ipsecconf .= "# This file is automatically generated. Do not edit\n"; @@ -824,6 +825,10 @@ EOD; EOD; + if (isset($config['ipsec']['commpression'])) { + $ipsecconnect .= '\tcompress = yes\n'; + $enablecompression = true; + } if (!empty($ikelifeline)) $ipsecconnect .= "\t{$ikelifeline}\n"; if ($ipseclifetime > 0) @@ -884,6 +889,11 @@ EOD; unset($ipsecconf); /* end ipsec.conf */ + if ($enablecompression === true) + set_single_sysctl('net.inet.ipcomp.ipcomp_enable', 1); + else + set_single_sysctl('net.inet.ipcomp.ipcomp_enable', 0); + /* mange process */ if (isvalidpid("{$g['varrun_path']}/charon.pid")) { /* Read secrets */ diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index 431ad93c7d..870283a198 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns @@ -54,8 +54,5 @@ $ipseclck = lock('ipsecdns', LOCK_EX); vpn_ipsec_configure(); -if (isset($config['ipsec']['failoverforcereload'])) - vpn_ipsec_force_reload(); - unlock($ipseclck); ?> diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 7ef5783663..1ee2f7b1f2 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -46,7 +46,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) { if (!empty($config['ipsec']["ipsec_{$lkey}"])) $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; } -$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); +$pconfig['commpression'] = isset($config['ipsec']['commpression']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); $pconfig['maxmss'] = $config['system']['maxmss']; @@ -129,10 +129,10 @@ if ($_POST) { } } - if($_POST['failoverforcereload'] == "yes") - $config['ipsec']['failoverforcereload'] = true; - elseif (isset($config['ipsec']['failoverforcereload'])) - unset($config['ipsec']['failoverforcereload']); + if($_POST['commpression'] == "yes") + $config['ipsec']['commpression'] = true; + elseif (isset($config['ipsec']['commpression'])) + unset($config['ipsec']['commpression']); if($_POST['acceptunencryptedmainmode'] == "yes") $config['ipsec']['acceptunencryptedmainmode'] = true; @@ -256,15 +256,12 @@ function maxmss_checked(obj) { - + - /> - + /> +
- +