diff options
author | jim-p <jimp@pfsense.org> | 2015-10-28 13:49:24 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-10-28 13:49:24 -0400 |
commit | 50de9fa88581b487918faddefd286caccc14b28c (patch) | |
tree | af025609eb8f91e92198c4cb765edd55f77441b1 | |
parent | 5eac8374c6e1ea0fefc8fbe5fce0024d3a6ea7c1 (diff) | |
download | pfsense-50de9fa88581b487918faddefd286caccc14b28c.zip pfsense-50de9fa88581b487918faddefd286caccc14b28c.tar.gz |
Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 417f224..70e2872 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1001,6 +1001,7 @@ EOD; $authentication .= "leftauth=pubkey\n\trightauth=eap-mschapv2"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } break; @@ -1010,11 +1011,13 @@ EOD; $authentication .= "leftauth=pubkey\n\trightauth=eap-tls"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } else { $authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } if (isset($casub)) { @@ -1027,11 +1030,13 @@ EOD; $authentication .= "leftauth=pubkey\n\trightauth=eap-radius"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } else { $authentication = "leftauth=eap-radius\n\trightauth=eap-radius"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } break; |