author | Pierre POMES <pierre.pomes@gmail.com> | 2010-12-28 16:23:36 -0500 |
---|---|---|
committer | Pierre POMES <pierre.pomes@gmail.com> | 2010-12-28 16:23:36 -0500 |
commit | 8f5c3d8d8af906fab96a81a97bcd62d908bc5761 (patch) | |
tree | 944de9a700206d9b7247b54ffd91653b823254a3 | |
parent | c23b4f0d80d389007cf058d0f17a65001a644811 (diff) | |
Ticket #1116: anonymous sainfo may be used only for single phase2 ipsec VPN's
-rw-r--r-- | etc/inc/ipsec.inc | 19 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 5 |
2 files changed, 21 insertions, 3 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 332f300..2653297 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -469,4 +469,21 @@ function ipsec_mobilekey_sort() { usort($config['ipsec']['mobilekey'], "mobilekeycmp"); } -?>
\ No newline at end of file +function ipsec_get_number_of_phase2($ikeid) { + global $config; + $a_phase2 = $config['ipsec']['phase2']; + + $nbph2=0; + + if (is_array($a_phase2) && count($a_phase2)) { + foreach ($a_phase2 as $ph2tmp) { + if ($ph2tmp['ikeid'] == $ikeid) { + $nbph2++; + } + } + } + + return $nbph2; +} + +?> diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a3b681a..0e172cc 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -636,11 +636,12 @@ EOD; $localid_type = $ph2ent['localid']['type']; $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']); - /* Do not print localid in some cases, such as a pure-psk or psk/xauth mobile tunnel */ + /* Do not print localid in some cases, such as a pure-psk or psk/xauth single phase2 mobile tunnel */ if (($localid_type == "none") || (($ph1ent['authentication_method'] == "xauth_psk_server") || ($ph1ent['authentication_method'] == "pre_shared_key")) - && isset($ph1ent['mobile'])) + && isset($ph1ent['mobile']) + && (ipsec_get_number_of_phase2($ikeid)==1)) $localid_spec = " "; else { if ($localid_type != "address") { |
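Review bot: ipsec_get_number_of_phase2() in etc/inc/ipsec.inc counts every phase2 entry whose `ikeid` matches, whether or not the config generator later writes that entry out. If the generator skips some entries (its skip conditions are not visible in this diff), the caller's `==1` test can fail for a tunnel that effectively has a single phase2; judging by the commit title that probably errs toward the named, more restrictive sainfo, but the loop should apply the same filter as the generator so the two cannot drift apart. The match itself is a loose `==`, and `if ((string)$ph2tmp['ikeid'] === (string)$ikeid) {` would avoid numeric-string coercion between config values. The function also has no header comment; I would add `/* Return the number of phase2 entries attached to the phase1 identified by $ikeid (0 if none are configured). */` above it.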
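Review bot: `$ikeid` is passed to ipsec_get_number_of_phase2() in the added condition in etc/inc/vpn.inc, but nothing in this hunk assigns it; the surrounding lines work from `$ph1ent` and `$ph2ent`. The enclosing loop starts outside the hunk, so it may be set there, but if it is not, the count will most likely never equal 1 and the anonymous form is silently never emitted. Passing the phase2 entry's own key, `&& (ipsec_get_number_of_phase2($ph2ent['ikeid']) == 1))`, makes the dependency explicit. The condition now mixes `||` and `&&` over five lines with a braceless `if`; putting the whole `&&` chain in its own parentheses would show that `$localid_type == "none"` alone is sufficient and that the mobile and single-phase2 tests only qualify the PSK branch. That matters because this test decides when the local ID restriction is dropped.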