system: set filtertunnel for IPsec to fix TCP teardown

c0cb9dbc · Franco Fichtner · f20640d0 · c0cb9dbc
Commit c0cb9dbc authored Feb 03, 2017 by Franco Fichtner
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

system.inc src/etc/inc/system.inc +6 -4

No files found.
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -130,10 +130,12 @@ function activate_sysctls()
    global $config;

    $sysctls = array(
-        "net.enc.in.ipsec_bpf_mask" => "0x0002",
-        "net.enc.in.ipsec_filter_mask" => "0x0002",
-        "net.enc.out.ipsec_bpf_mask" => "0x0001",
-        "net.enc.out.ipsec_filter_mask" => "0x0001"
+        'net.inet.ipsec.filtertunnel' => '1',
+        'net.inet6.ipsec6.filtertunnel' => '1',
+        'net.enc.in.ipsec_bpf_mask' => '0x0002',
+        'net.enc.in.ipsec_filter_mask' => '0x0002',
+        'net.enc.out.ipsec_bpf_mask' => '0x0001',
+        'net.enc.out.ipsec_filter_mask' => '0x0001',
    );

    if (isset($config['sysctl']['item'])) {