authorjim-p <jimp@pfsense.org>2015-10-28 13:49:24 -0400
committerjim-p <jimp@pfsense.org>2015-10-28 13:49:24 -0400
commit50de9fa88581b487918faddefd286caccc14b28c (patch)
treeaf025609eb8f91e92198c4cb765edd55f77441b1
parent5eac8374c6e1ea0fefc8fbe5fce0024d3a6ea7c1 (diff)
Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353
-rw-r--r--etc/inc/vpn.inc5
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 417f224..70e2872 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1001,6 +1001,7 @@ EOD;
$authentication .= "leftauth=pubkey\n\trightauth=eap-mschapv2";
if (!empty($ph1ent['certref'])) {
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
+ $authentication .= "\n\tleftsendcert=always";
}
}
break;
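Review bot: The `leftcert=` / `leftsendcert=always` pair is now appended identically in five branches (this hunk plus both branches of the EAP-TLS and EAP-RADIUS hunks below), so any later change to the certificate-sending policy has to be made in five places. Consider building it once before the switch, e.g. `$certlines = "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt\n\tleftsendcert=always";`, and appending `$certlines` inside each `!empty($ph1ent['certref'])` check. The reason is also worth recording next to the setting, for example `/* Send our cert even without a CERTREQ; needed by OS X / iOS manual configs (#5353) */`. `always` overrides strongSwan's default `ifasked`, so the gateway presents its certificate whether or not the peer requested it. The enclosing switch starts and ends outside the hunks, so it is not visible whether other certificate-based methods need the same line.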
@@ -1010,11 +1011,13 @@ EOD;
$authentication .= "leftauth=pubkey\n\trightauth=eap-tls";
if (!empty($ph1ent['certref'])) {
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
+ $authentication .= "\n\tleftsendcert=always";
}
} else {
$authentication = "leftauth=eap-tls\n\trightauth=eap-tls";
if (!empty($ph1ent['certref'])) {
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
+ $authentication .= "\n\tleftsendcert=always";
}
}
if (isset($casub)) {
@@ -1027,11 +1030,13 @@ EOD;
$authentication .= "leftauth=pubkey\n\trightauth=eap-radius";
if (!empty($ph1ent['certref'])) {
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
+ $authentication .= "\n\tleftsendcert=always";
}
} else {
$authentication = "leftauth=eap-radius\n\trightauth=eap-radius";
if (!empty($ph1ent['certref'])) {
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
+ $authentication .= "\n\tleftsendcert=always";
}
}
break;