authorRenato Botelho <renato@netgate.com>2015-07-17 15:14:03 -0300
committerRenato Botelho <renato@netgate.com>2015-07-17 15:16:23 -0300
commit896b85101323f37cef227cf236f7c5558a7b1ddf (patch)
treec8e9d58dca73792b4579ae8907e791f8e1c4366d
parent4df4c7d6b53d5426257ad9a5f2b3fd69a5ce994e (diff)
downloadpfsense-896b85101323f37cef227cf236f7c5558a7b1ddf.zip
pfsense-896b85101323f37cef227cf236f7c5558a7b1ddf.tar.gz
Fixes for IPSec ASN1.DN, ticket #4792
- Do not add leftid to config when value is empty - When asn1dn param is in binary form, make the type explicit - Always add double quotes for asn1dn
-rw-r--r--etc/inc/vpn.inc24
1 files changed, 17 insertions, 7 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index b328975..aaf7c09 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -823,23 +823,33 @@ EOD;
}
list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
- if ($myid_type != 'address' && $myid_type != 'keyid') {
+ if ($myid_type != 'address' && $myid_type != 'keyid' && $myid_type != 'asn1dn') {
$myid_data = "{$myid_type}:{$myid_data}";
+ } elseif ($myid_type == "asn1dn" && !empty($myid_data)) {
+ if ($myid_data[0] == '#') {
/* asn1dn needs double quotes */
- if ($myid_type == "asn1dn") {
- $myid_data = '"' . $myid_data . '"';
+ $myid_data = "\"{$myid_type}:{$myid_data}\"";
+ } else {
+ $myid_data = "\"{$myid_data}\"";
}
}
+ $leftid = '';
+ if (!empty($myid_data)) {
+ $leftid = "leftid = {$myid_data}";
+ }
/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
$peerid_spec = '';
if (!isset($ph1ent['mobile'])) {
list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
- if ($peerid_type != 'address' && $peerid_type != 'keyid') {
+ if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') {
$peerid_spec = "{$peerid_type}:{$peerid_data}";
+ } elseif ($peerid_type == "asn1dn") {
/* asn1dn needs double quotes */
- if ($peerid_type == "asn1dn") {
- $peerid_spec = '"' . $peerid_spec . '"';
+ if ($peerid_data[0] == '#') {
+ $peerid_spec = "\"{$peerid_type}:{$peerid_data}\"";
+ } elseif (!empty($peerid_data)) {
+ $peerid_spec = "\"{$peerid_data}\"";
}
} else {
$peerid_spec = $peerid_data;
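Review bot: In the peer branch `$peerid_data[0]` is read before the `!empty($peerid_data)` test, so an empty asn1dn peer ID indexes an empty string, whereas the local branch checks `!empty($myid_data)` first; using `} elseif ($peerid_type == "asn1dn" && !empty($peerid_data)) {` and turning the inner `elseif` into a plain `else` would make the two sides match. Both asn1dn branches also wrap the value in double quotes without checking it for an embedded `"` or a line break, and the local value is interpolated into the generated connection block in the second hunk, so a DN containing either would end the quoted value early. Whether `ipsec_find_id()` already filters such characters is not visible here, so they are worth rejecting or escaping before quoting. Separately, the non-asn1dn branch still builds `"{$myid_type}:"` when the data is empty, so the new `!empty($myid_data)` test does not suppress `leftid` for those types. The enclosing function starts and ends outside the hunk.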
@@ -1161,7 +1171,7 @@ EOD;
auto = {$passive}
left = {$left_spec}
right = {$right_spec}
- leftid = {$myid_data}
+ {$leftid}
EOD;
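Review bot: When `$leftid` is empty the heredoc still emits a line holding only its leading indentation, inside the connection block right after `right = {$right_spec}`. ipsec.conf parsers have not all treated blank lines inside a section the same way, so it is worth confirming that the targeted strongSwan version ignores such a line, or appending the `leftid` line to the output only when it is non-empty. The heredoc starts outside the hunk.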