diff options
author | jim-p <jim@pingle.org> | 2010-05-06 16:40:14 -0400 |
---|---|---|
committer | jim-p <jim@pingle.org> | 2010-05-06 16:40:14 -0400 |
commit | 36d047f5fa6eeb53a653d73693b01babf7ebdf90 (patch) | |
tree | 95c653a74deb7a8df8939b44d5bba69bf5685eaa /etc/inc/vpn.inc | |
parent | 9b2e9133f8726caf83d76f8f6836742880cd617b (diff) | |
download | pfsense-36d047f5fa6eeb53a653d73693b01babf7ebdf90.zip pfsense-36d047f5fa6eeb53a653d73693b01babf7ebdf90.tar.gz |
Only specify peer ID if we are not dealing with a mobile PSK-only tunnel. Ticket #108.
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a2e3d1e..2c5156a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -558,6 +558,11 @@ function vpn_ipsec_configure($ipchg = false) if ($ph1ent['lifetime']) $lifeline = "lifetime time {$ph1ent['lifetime']} secs;"; + /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */ + if (!(($ph1ent['authentication_method'] == "pre_shared_key") && isset($ph1ent['mobile']))) { + $peerid_spec = "peers_identifier {$peerid_type} {$peerid_data};"; + } + /* add remote section to configuration */ $racoonconf .=<<<EOD @@ -567,7 +572,7 @@ remote {$rgip} ph1id {$ikeid}; exchange_mode {$ph1ent['mode']}; my_identifier {$myid_type} {$myid_data}; - peers_identifier {$peerid_type} {$peerid_data}; + {$peerid_spec} ike_frag on; generate_policy = {$genp}; initial_contact = {$init}; |