ipsec: Do not reject connections in on-demand mode

When an on-demand VPN connection is not up, the packets will
traverse the firewall and be rejected by the IPSECBLOCK chain
which will cause an ICMP error message to be sent to
the client. If that does not happen and the packet is being
silently dropped, the client will retransmit and by then
the VPN connection will hopefully be up.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2017-03-24 13:24:42 +01:00
parent e89b407f88
commit cda384a280
2 changed files with 36 additions and 6 deletions

@@ -13,6 +13,7 @@ srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/html/themes/darkdos/include/style.css
srv/web/ipfire/html/themes/ipfire/include/css/style.css
srv/web/ipfire/html/themes/maniac/include/style.css
usr/lib/firewall/ipsec-block
usr/lib/libssp.so.0
usr/lib/libssp.so.0.0.0
usr/local/bin/xt_geoip_update
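
Review bot: Listing usr/lib/firewall/ipsec-block in this update filelist only replaces the script on disk, and nothing visible in this hunk re-runs it afterwards, so on an already running system the existing IPSECBLOCK rules would keep rejecting on-demand traffic until the next firewall reload or reboot. Please confirm that the update script for this core update reloads the firewall or calls the script after extraction, and add that step if it is missing. Separately, the commit message explains why rejecting is a problem but never states the new behaviour (presumably a silent drop for on-demand connections only); one sentence saying so would make the log entry self-contained.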