IPsec with certs - vpn_ipsec_force_reload() failure



  • Hey guys and girls,

    I've discovered a problem in restarting racoon by a script while using certs in IPsec authentication. Steps to reproduce:

    • IPsec configured as Mutual RSA + Xauth

    • mobile clients work as expected

    • restarting racoon via "Status -> Services" works fine

    • restarting racoon by calling vpn_ipsec_force_reload() in a script via crontab makes racoon crash with signal 15

    • script crashes at vpn_ipsec_force_reload() with: function lookup_cert() not found (not the exact wording, writing from memory)

    solution:
    require_once("certs.inc") before require_once("vpn.inc")

    why it works in GUI:
    status_services.php includes openvpn.inc, which includes certs.inc

    for pfSense development (perhaps, just a suggestion):
    include require_once("certs.inc") in vpn.inc, because in vpn.inc it's called in function vpn_ipsec_configure($ipchg = false) (the file containing a function which calls a missing one would then be somewhat consistent)

    Please let me know what you think about… Thanks.

    Kind regards
    Hobby

