author | jim-p <jimp@pfsense.org> | 2014-05-15 13:34:21 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-05-15 13:34:21 -0400 |
commit | 95589abda7b0cb9d30e374e9bbc8da439b0fa76f (patch) | |
tree | 7fe1e1fb87816ac88ad7dcdc7a7fd88870d2b268 /etc/inc | |
parent | 25e2281c6d64fb0272d8cf1bfc8030dbc6e6c3d4 (diff) | |
Move duplicated code into a function; Include local ID on mobile tunnel key line in ipsec.secrets.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/ipsec.inc | 53 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 76 |
2 files changed, 63 insertions, 66 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index e3829f8..a6efa65 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -669,4 +669,57 @@ function ipsec_fixup_ip($ipaddr) {
 return $ipaddr;
 }
+function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
+ if ($side == "local") {
+ $id_type = $ph1ent['myid_type'];
+ $id_data = $ph1ent['myid_data'];
+
+ $addr = ipsec_get_phase1_src($ph1ent);
+ if (!$addr)
+ return array();
+ } elseif ($side = "peer") {
+ $id_type = $ph1ent['peerid_type'];
+ $id_data = $ph1ent['peerid_data'];
+
+ if (isset($ph1ent['mobile']))
+ $addr = "%any";
+ else
+ $addr = $ph1ent['remote-gateway'];
+ } else {
+ return array();
+ }
+
+
+ $thisid_type = $id_type;
+ switch ($thisid_type) {
+ case "myaddress":
+ $thisid_type = "address";
+ $thisid_data = $addr;
+ break;
+
+ case "dyn_dns":
+ $thisid_type = "address";
+ $thisid_data = resolve_retry($id_data);
+ break;
+
+ case "peeraddress":
+ $thisid_type = "address";
+ $thisid_data = $rgmap[$ph1ent['remote-gateway']];
+ break;
+
+ case "address";
+ $thisid_data = $id_data;
+ break;
+
+ case "fqdn";
+ case "keyid tag";
+ case "user_fqdn";
+ case "asn1dn";
+ $thisid_data = $id_data;
+ if( $thisid_data )
+ $thisid_data = "{$thisid_data}";
+ break;
+ }
+ return array($thisid_type, $thisid_data);
+}
 ?>
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index e5263e5..e7fa4b9 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
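Review bot: The `elseif ($side = "peer")` branch in the new ipsec_find_id() assigns rather than compares, so the condition is always true and the trailing `else { return array(); }` is unreachable — any unrecognised `$side` value is silently treated as the peer side. It should read `} elseif ($side == "peer") {` (or `===`, since the parameter is a string). Separately, `$thisid_data` is never initialised, so an unknown or empty `$id_type` falls through the switch and returns `array($thisid_type, null)` with an undefined-variable notice; initialising it to `''` before the switch, or returning `array()` from a `default:` case, would make that failure explicit. Both callers in vpn.inc destructure the result with `list()`, so an empty array becomes a pair of nulls, which is worth stating in a header comment such as `/* Returns array(id_type, id_data), or array() when no usable address is available */`.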
@@ -467,28 +467,16 @@ EOD;
 }
 }
 } else {
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
- $peerid_type = $ph1ent['peerid_type'];
-
- switch ($peerid_type) {
- case "peeraddress":
- $peerid_type = "address";
- $peerid_data = $rgmap[$ph1ent['remote-gateway']];
- break;
-
- case "address";
- $peerid_data = $ph1ent['peerid_data'];
- break;
-
- case "fqdn";
- case "keyid tag";
- case "user_fqdn";
- $peerid_data = $ph1ent['peerid_data'];
- break;
- }
+ if (empty($peerid_data))
+ continue;
- if (!empty($peerid_data) && !empty($ph1ent['pre-shared-key']))
- $pskconf .= trim($peerid_data) . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n";
+ $myid = isset($ph1ent['mobile']) ? trim($myid_data) . " " : "";
+ $peerid = ($peerid_data != "allusers") ? trim($peerid_data) : "";
+ if (!empty($ph1ent['pre-shared-key']))
+ $pskconf .= $myid . $peerid . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n";
 }
 }
 }
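Review bot: The new ipsec.secrets line still concatenates the pre-shared key into a double-quoted string with no escaping, and now also emits the local ID verbatim for mobile tunnels, so a key containing `"` or `\`, or an ID containing whitespace (an asn1dn, which ipsec_find_id() now passes through), yields a malformed or differently-parsed secrets entry; the commit changes which IDs are written but not how they are quoted. There is also a degenerate case: ipsec_find_id() returns `array()` when the local address cannot be determined, `list()` then leaves `$myid_data` null, and for a mobile tunnel whose peer ID is `allusers` the line collapses to `  : PSK "..."` — an entry with no selectors at all, which as I understand the *swan secrets format is usable by any identity. Adding `if (isset($ph1ent['mobile']) && empty($myid_data)) continue;` before `$myid` is built would avoid writing that, and a comment such as `/* mobile: bind the PSK to our local ID; 'allusers' means no peer selector */` would document the intent of the two ternaries. The loop that `continue` targets begins outside the hunk, so I am assuming it is still the per-phase-1 iteration.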
@@ -561,52 +549,8 @@ EOD;
 if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1")
 $keyexchange = "ikev2";
- $myid_type = $ph1ent['myid_type'];
- switch ($myid_type) {
- case "myaddress":
- $myid_type = "address";
- $myid_data = $ep;
- break;
-
- case "dyn_dns":
- $myid_type = "address";
- $myid_data = resolve_retry($ph1ent['myid_data']);
- break;
-
- case "address";
- $myid_data = $ph1ent['myid_data'];
- break;
-
- case "fqdn";
- case "keyid tag";
- case "user_fqdn";
- case "asn1dn";
- $myid_data = $ph1ent['myid_data'];
- if( $myid_data )
- $myid_data = "{$myid_data}";
- break;
- }
-
- $peerid_type = $ph1ent['peerid_type'];
- switch ($peerid_type) {
- case "peeraddress":
- $peerid_type = "address";
- $peerid_data = $rgip;
- break;
-
- case "address";
- $peerid_data = $ph1ent['peerid_data'];
- break;
-
- case "fqdn";
- case "keyid tag";
- case "user_fqdn";
- case "asn1dn";
- $peerid_data = $ph1ent['peerid_data'];
- if( $peerid_data )
- $peerid_data = "{$peerid_data}";
- break;
- }
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
 /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
 $peerid_spec = ''; |
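Review bot: Replacing the inline switches with ipsec_find_id() silently changes two inputs: the `myaddress` case now uses `ipsec_get_phase1_src($ph1ent)` instead of `$ep`, and `peeraddress` now reads `$rgmap[$ph1ent['remote-gateway']]` instead of `$rgip`; unless those are always equal for the same entry, the phase-1 IDs written from them will differ from before, and the lines that compute `$ep`, `$rgip` and `$rgmap` are outside the hunk, so this is worth confirming. The helper also returns `array()` when no local address is available, in which case `list()` sets both `$myid_type` and `$myid_data` to null, whereas the old code always carried the configured `$myid_type` forward; the ID-spec code after `$peerid_spec = ''` is outside the hunk and should be checked for a null-type path. A comment above the two `list()` calls, `/* ipsec_find_id() returns array() when no local address is available; both values are then null */`, would make that contract visible.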