diff options
author | Ermal <eri@pfsense.org> | 2014-11-11 20:57:48 +0100 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-11-11 20:57:48 +0100 |
commit | 63ba47297f8e59e24ff83bd5bafd3eca32f600a6 (patch) | |
tree | 48d5f45f076e2bffd56cb16534f255c4337c344b /etc/inc/vpn.inc | |
parent | 1f2f38f5097a982a5432f7b6ba5ce3bd2115cfbb (diff) | |
download | pfsense-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.zip pfsense-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.tar.gz |
Use leftcert for more options on IPsec authentication
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 24fe511..8d71486 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -599,6 +599,8 @@ EOD; case 'xauth_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; $authentication .= "\n\trightauth2 = xauth-generic"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; break; case 'xauth_psk_server': $authentication = "leftauth = psk\n\trightauth = psk"; @@ -609,10 +611,14 @@ EOD; break; case 'rsasig': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; break; case 'hybrid_rsa_server': $authentication = "leftauth = xauth-generic\n\trightauth = pubkey"; $authentication .= "\n\trightauth2 = xauth"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; break; } |