diff options
| author | Ermal <eri@pfsense.org> | 2014-03-06 21:38:02 +0100 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-03-06 21:38:50 +0100 |
| commit | d60eea555e6de2a2b4e88e824466a49326c1f230 (patch) | |
| tree | 1c3a601ec4a710c306e45e5809eab918f0b561dd | |
| parent | 8c3cba99f0c6f57b181110d7a34926cc4fdcf995 (diff) | |
| download | pfsense-d60eea555e6de2a2b4e88e824466a49326c1f230.zip pfsense-d60eea555e6de2a2b4e88e824466a49326c1f230.tar.gz | |
Correct the generation of the config for mobile tunnels as well
| -rw-r--r-- | etc/inc/vpn.inc | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 5a6a5e5..ddb7a4d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -661,12 +661,10 @@ EOD; $localid_type = $ph2ent['localid']['type']; $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']); /* Do not print localid in some cases, such as a pure-psk or psk/xauth single phase2 mobile tunnel */ - if (($localid_type == "none" || $localid_type == "mobile") || - (($ph1ent['authentication_method'] == "xauth_psk_server") || - ($ph1ent['authentication_method'] == "pre_shared_key")) + if (($localid_type == "none" || $localid_type == "mobile") && isset($ph1ent['mobile']) && (ipsec_get_number_of_phase2($ikeid)==1)) - $localid_spec = "%mobile"; + $localid_spec = "%any"; else { if ($localid_type != "address") { $localid_type = "subnet"; @@ -677,6 +675,7 @@ EOD; continue; } $localid_spec = $ep; + /* XXX: To be finished */ if (0 && !empty($ph2ent['natlocalid'])) { $natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid'], false, $ph2ent['mode']); if ($ph2ent['natlocalid']['type'] != "address") { |
