Use leftcert for more options on IPsec authentication

author: Ermal <eri@pfsense.org> 2014-11-11 20:57:48 +0100
committer: Ermal <eri@pfsense.org> 2014-11-11 20:57:48 +0100
commit: 63ba47297f8e59e24ff83bd5bafd3eca32f600a6 (patch)
tree: 48d5f45f076e2bffd56cb16534f255c4337c344b /etc/inc/vpn.inc
parent: 1f2f38f5097a982a5432f7b6ba5ce3bd2115cfbb (diff)
download: pfsense-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.zip
pfsense-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 24fe511..8d71486 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -599,6 +599,8 @@ EOD;
 				case 'xauth_rsa_server':
 					$authentication = "leftauth = pubkey\n\trightauth = pubkey";
 					$authentication .= "\n\trightauth2 = xauth-generic";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				case 'xauth_psk_server':
 					$authentication = "leftauth = psk\n\trightauth = psk";
@@ -609,10 +611,14 @@ EOD;
 					break;
 				case 'rsasig':
 					$authentication = "leftauth = pubkey\n\trightauth = pubkey";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				case 'hybrid_rsa_server':
 					$authentication = "leftauth = xauth-generic\n\trightauth = pubkey";
 					$authentication .= "\n\trightauth2 = xauth";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				}
author	Ermal <eri@pfsense.org>	2014-11-11 20:57:48 +0100
committer	Ermal <eri@pfsense.org>	2014-11-11 20:57:48 +0100
commit	63ba47297f8e59e24ff83bd5bafd3eca32f600a6 (patch)
tree	48d5f45f076e2bffd56cb16534f255c4337c344b /etc/inc/vpn.inc
parent	1f2f38f5097a982a5432f7b6ba5ce3bd2115cfbb (diff)
download	pfsense-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.zip pfsense-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.tar.gz