From dd02e2123114ce02fd2f18d0924a71d56d49fc1c Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 16 Jul 2019 16:55:03 +0200
Subject: [PATCH] IPsec, change dpd action on "start" to "dpdaction = restart"
 and remove already default "dpdaction = none" if not set. as discussed with
 @mimugmail

---
 src/etc/inc/plugins.inc.d/ipsec.inc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 68819f8ae..74545178d 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1197,7 +1197,7 @@ function ipsec_configure_do($verbose = false, $interface = '')
                 }
 
                 if (!empty($ph1ent['dpd_delay']) && !empty($ph1ent['dpd_maxfail'])) {
-                    if ($conn_auto == "route") {
+                    if (in_array($conn_auto, array('route', 'start'))) {
                         $dpdline = "dpdaction = restart";
                     } else {
                         $dpdline = "dpdaction = clear";
@@ -1205,8 +1205,6 @@ function ipsec_configure_do($verbose = false, $interface = '')
                     $dpdline .= "\n\tdpddelay = {$ph1ent['dpd_delay']}s";
                     $dpdtimeout = $ph1ent['dpd_delay'] * ($ph1ent['dpd_maxfail'] + 1);
                     $dpdline .= "\n\tdpdtimeout = {$dpdtimeout}s";
-                } else {
-                    $dpdline = "dpdaction = none";
                 }
 
                 if (!empty($ph1ent['lifetime'])) {