diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-07-23 18:15:35 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-07-23 18:15:35 -0500 |
| commit | 6d86e659cff6086c95eb408be286203f0e80912f (patch) | |
| tree | a62fa4dec09220dbdef908ac0dc950d9fe1b8167 | |
| parent | e7f4a96432c1844a4a7806cf6b11ccc3bef8a6f9 (diff) | |
| download | pfsense-6d86e659cff6086c95eb408be286203f0e80912f.zip pfsense-6d86e659cff6086c95eb408be286203f0e80912f.tar.gz | |
Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !
logic gets ugly.
| -rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 3e7fd67..6772f6d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -857,9 +857,10 @@ EOD; $leftid = "leftid = {$myid_data}"; } - /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */ $peerid_spec = ''; - if (!isset($ph1ent['mobile'])) { + if (isset($ph1ent['mobile']) && ($ph1ent['authentication_method'] == "pre_shared_key" || $ph1ent['authentication_method'] == "xauth_psk_server")) { + // Only specify peer ID if we are not dealing with mobile PSK + } else { list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') { $peerid_spec = "{$peerid_type}:{$peerid_data}"; |
