author | Renato Botelho <renato@netgate.com> | 2015-07-17 15:14:03 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-07-17 15:16:23 -0300 |
commit | 896b85101323f37cef227cf236f7c5558a7b1ddf (patch) | |
tree | c8e9d58dca73792b4579ae8907e791f8e1c4366d | |
parent | 4df4c7d6b53d5426257ad9a5f2b3fd69a5ce994e (diff) | |
Fixes for IPSec ASN1.DN, ticket #4792
- Do not add leftid to config when value is empty
- When asn1dn param is in binary form, explicit type
- Always add double quotes for asn1dn
-rw-r--r-- | etc/inc/vpn.inc | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index b328975..aaf7c09 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -823,23 +823,33 @@ EOD;
 }
 list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
- if ($myid_type != 'address' && $myid_type != 'keyid') {
+ if ($myid_type != 'address' && $myid_type != 'keyid' && $myid_type != 'asn1dn') {
 $myid_data = "{$myid_type}:{$myid_data}";
+ } elseif ($myid_type == "asn1dn" && !empty($myid_data)) {
+ if ($myid_data[0] == '#') {
 /* asn1dn needs double quotes */
- if ($myid_type == "asn1dn") {
- $myid_data = '"' . $myid_data . '"';
+ $myid_data = "\"{$myid_type}:{$myid_data}\"";
+ } else {
+ $myid_data = "\"{$myid_data}\"";
 }
 }
+ $leftid = '';
+ if (!empty($myid_data)) {
+ $leftid = "leftid = {$myid_data}";
+ }
 /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
 $peerid_spec = '';
 if (!isset($ph1ent['mobile'])) {
 list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
- if ($peerid_type != 'address' && $peerid_type != 'keyid') {
+ if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') {
 $peerid_spec = "{$peerid_type}:{$peerid_data}";
+ } elseif ($peerid_type == "asn1dn") {
 /* asn1dn needs double quotes */
- if ($peerid_type == "asn1dn") {
- $peerid_spec = '"' . $peerid_spec . '"';
+ if ($peerid_data[0] == '#') {
+ $peerid_spec = "\"{$peerid_type}:{$peerid_data}\"";
+ } elseif (!empty($peerid_data)) {
+ $peerid_spec = "\"{$peerid_data}\"";
 }
 } else {
 $peerid_spec = $peerid_data;
@@ -1161,7 +1171,7 @@ EOD;
 auto = {$passive}
 left = {$left_spec}
 right = {$right_spec}
- leftid = {$myid_data}
+ {$leftid}
 EOD;
|
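Review bot: On the peer side of the first hunk, `$peerid_data[0]` is read before the emptiness test, so an asn1dn peer ID with no value triggers an uninitialized-string-offset notice, whereas the local side guards with `!empty($myid_data)` up front; the peer branch should mirror it as `} elseif ($peerid_type == "asn1dn" && !empty($peerid_data)) {` with the inner `} elseif (!empty($peerid_data)) {` reduced to `} else {`. Both sides also wrap the DN in double quotes without escaping it, so a DN that itself contains `"` or a line break would terminate the quoted value early or split the generated ipsec.conf line; if `ipsec_find_id()` returns the string as entered in the GUI (not visible here), rejecting those characters at input time would close that gap, and a short comment such as `/* value is quoted verbatim; must not contain '"' or newlines */` would document the assumption. The enclosing function starts and ends outside the hunk.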