diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-07-23 18:15:35 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-07-23 18:17:32 -0500 |
commit | 021a97b58a3ab24a66773ccc61670365015c85e5 (patch) | |
tree | 8014d40fb00b59ccae8a3e953c9ce9396142fac5 /etc/inc/vpn.inc | |
parent | bdd9efb37f1c7ba0777bc2e920eeb2c93d5832c9 (diff) | |
download | pfsense-021a97b58a3ab24a66773ccc61670365015c85e5.zip pfsense-021a97b58a3ab24a66773ccc61670365015c85e5.tar.gz |
Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !
logic gets ugly.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 3e7fd67..6772f6d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -857,9 +857,10 @@ EOD; $leftid = "leftid = {$myid_data}"; } - /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */ $peerid_spec = ''; - if (!isset($ph1ent['mobile'])) { + if (isset($ph1ent['mobile']) && ($ph1ent['authentication_method'] == "pre_shared_key" || $ph1ent['authentication_method'] == "xauth_psk_server")) { + // Only specify peer ID if we are not dealing with mobile PSK + } else { list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') { $peerid_spec = "{$peerid_type}:{$peerid_data}"; |