diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-06-21 16:00:23 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-06-21 16:00:23 -0500 |
commit | 887093c3093e5ed4084b28e2cbfbe748d5c00117 (patch) | |
tree | 60f1686ed21e6df9cda204c903bfe35b5fc0ed2f | |
parent | 10a1c51d87b513a14de63c21b7ba8491b85badf5 (diff) | |
download | pfsense-887093c3093e5ed4084b28e2cbfbe748d5c00117.zip pfsense-887093c3093e5ed4084b28e2cbfbe748d5c00117.tar.gz |
Specify $myid rather than %any here, otherwise user manager and mobile PSKs won't match. Ticket #4781
-rw-r--r-- | etc/inc/vpn.inc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index d84ad5a..7e64f88 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -573,11 +573,12 @@ EOD; } else { list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local'); list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); + + $myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any"; if (empty($peerid_data)) continue; - $myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any"; $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : ''; if (!empty($ph1ent['pre-shared-key'])) { if ($myid_type == 'fqdn' && !empty($myid_data)) @@ -593,7 +594,7 @@ EOD; if (is_array($config['system']) && is_array($config['system']['user'])) { foreach ($config['system']['user'] as $user) { if (!empty($user['ipsecpsk'])) { - $pskconf .= "%any {$user['name']} : PSK 0s" . base64_encode($user['ipsecpsk']) . "\n"; + $pskconf .= "{$myid} {$user['name']} : PSK 0s" . base64_encode($user['ipsecpsk']) . "\n"; } } unset($user); @@ -606,7 +607,7 @@ EOD; $key['ident'] = '%any'; if (empty($key['type'])) $key['type'] = 'PSK'; - $pskconf .= "%any {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n"; + $pskconf .= "{$myid} {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n"; } unset($key); } |