From 9167000171e86cc9601a347e1f2dc73629f56cbe Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 7 Aug 2020 17:30:38 +0200
Subject: [PATCH] IPSec: prevent ipsec vti interface to hit 32768 limit (create
 numbered, rename and attach afterwards)

@fichtner as promised,  the almost one liner :)
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 2a0948553..c21bd51ed 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1898,7 +1898,11 @@ function ipsec_configure_vti($verbose = false)
         // create required interfaces
         $inet = is_ipaddrv6($intf_details['local']) ? 'inet6' : 'inet';
         if (empty($current_interfaces[$intf])) {
-            if (mwexecf('/sbin/ifconfig %s create reqid %s', array($intf, $intf_details['reqid'])) == 0) {
+            // prevent ipsec vti interface to hit 32768 limit (create numbered, rename and attach afterwards)
+            exec('/sbin/ifconfig ipsec create 2>&1', $cmdout, $cmdret);
+            if ($cmdret == 0) {
+                legacy_interface_rename($cmdout[0], $intf);
+                mwexecf('/sbin/ifconfig %s reqid %s', array($intf, $intf_details['reqid']));
                 mwexecf(
                     '/sbin/ifconfig %s %s tunnel %s %s up',
                     array($intf, $inet, $intf_details['local'], $intf_details['remote'])