authorScott Ullrich <sullrich@pfsense.org>2007-06-30 20:57:30 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-06-30 20:57:30 +0000
commit66cc67c6ececa3adfa666afc703a6d998f863220 (patch)
treea67cb95bd2f28edfa9f4e99021afeb95202afb1b
parentd584a8978edad7136c91628a675b626b389a4aa3 (diff)
Add ASN1DN identities support to IPSEC. Submitted-by: Nic Bernstein <nic_AT_onlight.com>
-rw-r--r--etc/inc/vpn.inc11
-rwxr-xr-xusr/local/www/guiconfig.inc1
-rwxr-xr-xusr/local/www/vpn_ipsec_edit.php6
3 files changed, 17 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 23e3439..cbeff52 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -315,6 +315,9 @@ function vpn_ipsec_configure($ipchg = false) {
} else if (isset($tunnel['p1']['myident']['ufqdn'])) {
$myidentt = "user_fqdn";
$myident = $tunnel['p1']['myident']['ufqdn'];
+ } else if (isset($tunnel['p1']['myident']['asn1dn'])) {
+ $myidentt = "asn1dn";
+ $myident = $tunnel['p1']['myident']['asn1dn'];
} else if (isset($tunnel['p1']['myident']['dyn_dns'])) {
$myidentt = "dyn_dns";
$myident = gethostbyname($tunnel['p1']['myident']['dyn_dns']);
@@ -376,10 +379,13 @@ function vpn_ipsec_configure($ipchg = false) {
EOD;
}
}
+ $myidentifier = $myidentt;
+ if (!empty($myident))
+ $myidentifier .= ' "' . $myident . '"';
$racoonconf .= <<<EOD
remote {$tunnel['remote-gateway']} \{
exchange_mode {$tunnel['p1']['mode']};
- my_identifier {$myidentt} "{$myident}";
+ my_identifier {$myidentifier};
{$certline}
peers_identifier address {$tunnel['remote-gateway']};
initial_contact on;
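Review bot: `$myident` is concatenated between double quotes into racoon.conf at `$myidentifier .= ' "' . $myident . '"';` with no escaping, so a value containing `"` or a line break would end the quoted string early and the rest would be read as racoon configuration. The value appears to come from `$_POST['p1myident']` in the `case 'asn1dn':` hunk of vpn_ipsec_edit.php, which stores it as submitted; any validation would have to sit outside the visible hunks. Rejecting such input when the tunnel is saved, for example on `preg_match('/["\r\n]/', $_POST['p1myident'])`, and skipping the quoted part here on the same condition, would keep the generated file well-formed. vpn_ipsec_configure() starts and ends outside this hunk.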
@@ -440,6 +446,9 @@ EOD;
} else if (isset($tunnel['p1']['myident']['ufqdn'])) {
$myidentt = "user_fqdn";
$myident = $tunnel['p1']['myident']['ufqdn'];
+ } else if (isset($tunnel['p1']['myident']['asn1dn'])) {
+ $myidentt = "asn1dn";
+ $myident = $tunnel['p1']['myident']['asn1dn'];
}
if (isset($tunnel['p1']['authentication_method'])) {
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 8b96ef2..afd4c54 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -152,6 +152,7 @@ $my_identifier_list = array('myaddress' => 'My IP address',
'address' => 'IP address',
'fqdn' => 'Domain name',
'user_fqdn' => 'User FQDN',
+ 'asn1dn' => 'Distinguished Name',
'dyn_dns' => 'Dynamic DNS');
$p1_ealgos = array('des' => 'DES', '3des' => '3DES', 'blowfish' => 'Blowfish',
diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php
index 4cba538..9261734 100755
--- a/usr/local/www/vpn_ipsec_edit.php
+++ b/usr/local/www/vpn_ipsec_edit.php
@@ -74,6 +74,9 @@ if (isset($id) && $a_ipsec[$id]) {
} else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
$pconfig['p1myidentt'] = 'user_fqdn';
$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
+ } else if (isset($a_ipsec[$id]['p1']['myident']['asn1dn'])) {
+ $pconfig['p1myidentt'] = 'asn1dn';
+ $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['asn1dn'];
} else if (isset($a_ipsec[$id]['p1']['myident']['dyn_dns'])) {
$pconfig['p1myidentt'] = 'dyn_dns';
$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['dyn_dns'];
@@ -226,6 +229,9 @@ if ($_POST) {
case 'user_fqdn':
$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
break;
+ case 'asn1dn':
+ $ipsecent['p1']['myident']['asn1dn'] = $_POST['p1myident'];
+ break;
case 'dyn_dns':
$ipsecent['p1']['myident']['dyn_dns'] = $_POST['p1myident'];
break;