Netgate Discussion Forum

    IPsec with certs - vpn_ipsec_force_reload() failure

      Hobby-Student

      Hey guys and girls,

      I've discovered a problem with restarting racoon from a script while using certs for IPsec authentication. Steps to reproduce:

      • IPsec configured as Mutual RSA + Xauth

      • mobile clients work as expected

      • restarting racoon via "Status -> Services" works fine

      • restarting racoon by calling vpn_ipsec_force_reload() in a script via crontab makes racoon crash with signal 15

      • the script crashes at vpn_ipsec_force_reload() with: function lookup_cert() not found (not the exact wording, writing from memory)

      solution:
      require_once("certs.inc") before require_once("vpn.inc")

      why it works in GUI:
      status_services.php includes openvpn.inc, which includes certs.inc

      for pfsense development (perhaps, just a suggestion):
      include require_once("certs.inc") in vpn.inc, because in vpn.inc it's called in the function vpn_ipsec_configure($ipchg = false) (the file containing a function which calls a missing one would then be somewhat consistent)

      Please let me know what you think about… Thanks.

      Kind regards
      Hobby
