authorErmal LUÇI <eri@pfsense.org>2015-01-15 10:13:57 +0100
committerErmal LUÇI <eri@pfsense.org>2015-01-15 10:13:57 +0100
commit4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc (patch)
tree030e587a430e8e1c2905b87b2e3c98ecdf500d03 /etc/inc
parent23de1f0decfcdc1a08b31762b8ab972e112c2dc8 (diff)
downloadpfsense-4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc.zip
pfsense-4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc.tar.gz
Revert "Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."
This reverts commit 1ada4c8c514cc33b0df6238b7f2f177078bfe2e8.
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/ipsec.inc42
-rw-r--r--etc/inc/vpn.inc24
2 files changed, 31 insertions, 35 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 71e10e1..e04f342 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -622,41 +622,39 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
$addr = "%any";
else
$addr = $ph1ent['remote-gateway'];
- } else
+ } else {
return array();
+ }
$thisid_type = $id_type;
switch ($thisid_type) {
- case 'myaddress':
- $thisid_type = 'address';
+ case "myaddress":
+ $thisid_type = "address";
$thisid_data = $addr;
break;
- case 'dyn_dns':
- $thisid_type = 'dns';
- $thisid_data = $id_data;
+
+ case "dyn_dns":
+ $thisid_type = "address";
+ $thisid_data = resolve_retry($id_data);
break;
- case 'peeraddress':
- $thisid_type = 'address';
+
+ case "peeraddress":
+ $thisid_type = "address";
$thisid_data = $rgmap[$ph1ent['remote-gateway']];
break;
- case 'address';
+
+ case "address";
$thisid_data = $id_data;
break;
- case 'fqdn';
- $thisid_data = "{$id_data}";
- break;
- case 'keyid tag';
- $thisid_type = 'keyid';
- $thisid_data = "{$thisid_data}";
- break;
- case 'user_fqdn';
- $thisid_type = 'userfqdn';
- $thisid_data = "{$id_data}";
- break;
- case 'asn1dn';
+
+ case "fqdn";
+ case "keyid tag";
+ case "user_fqdn";
+ case "asn1dn";
$thisid_data = $id_data;
- $thisid_data = "{$id_data}";
+ if( $thisid_data )
+ $thisid_data = "{$thisid_data}";
break;
}
return array($thisid_type, $thisid_data);
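Review bot: The `dyn_dns` case stores the result of `resolve_retry($id_data)` unchecked, so a failed lookup presumably leaves $thisid_data false or empty and it is returned as-is to vpn.inc, which writes it into the strongSwan configuration; the hunk's own `else` branch already returns an empty array when no identity can be formed, so adding `if (empty($thisid_data)) return array();` right after the resolve_retry() call would keep both failure paths consistent. Separately, the closing `if( $thisid_data ) $thisid_data = "{$thisid_data}";` in the merged fqdn/keyid tag/user_fqdn/asn1dn case is a no-op self-interpolation and can be dropped, and the labels `case "address";` through `case "asn1dn";` end in a semicolon where the first three cases use a colon (legal in PHP, but it reads as a typo). $thisid_data is never initialised before the switch, so an unrecognised $id_type returns null alongside the raw type string; a `default:` that returns array() would make that explicit. ipsec_find_id's body begins before this hunk.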
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 0b8dfc1..69bfcc0 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -484,14 +484,14 @@ EOD;
/* XXX" Traffic selectors? */
$pskconf .= " : RSA {$ph1keyfile}\n";
} else {
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
if (empty($peerid_data))
continue;
$myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";
- $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
+ $peerid = ($peerid_data != "allusers") ? trim($peerid_data) : "";
if (!empty($ph1ent['pre-shared-key'])) {
if ($myid_type == 'fqdn' && !empty($myid_data))
$pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
@@ -568,19 +568,17 @@ EOD;
} else
$right_spec = $ph1ent['remote-gateway'];
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
- if ($myid_type != 'address')
- $myid_data = "{$myid_type}:{$myid_data}";
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
+ if ($myid_type == 'fqdn')
+ $myid_data = "@{$myid_data}";
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
+ if ($peerid_type == 'fqdn')
+ $peerid_data = "@{$peerid_data}";
/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
$peerid_spec = '';
- if (!isset($ph1ent['mobile'])) {
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
- if ($peerid_type != 'address')
- $peerid_spec = "{$peerid_type}:{$peerid_data}";
- else
- $peerid_spec = $peerid_data;
- }
+ if (!isset($ph1ent['mobile']))
+ $peerid_spec = $peerid_data;
if (is_array($ph1ent['encryption-algorithm']) && !empty($ph1ent['encryption-algorithm']['name']) && !empty($ph1ent['hash-algorithm'])) {
$ealgosp1 = '';
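Review bot: `$peerid_spec = $peerid_data;` on the new side takes the peer identity straight from ipsec_find_id() with no emptiness check, whereas the PSK block earlier in this file (`if (empty($peerid_data)) continue;`) skips entries whose peer ID could not be determined; ipsec_find_id() visibly returns an empty array in at least one branch, so a missing field or an unresolved dyn_dns peer would presumably leave $peerid_spec empty here and the connection would be emitted without a usable peer identity. I'd mirror the earlier guard, e.g. `if (!isset($ph1ent['mobile']) && !empty($peerid_data))`, or skip the phase-1 entry as the PSK path does. The `== 'fqdn'` comparisons on $myid_type and $peerid_type are loose; since ipsec_find_id() returns plain strings, `===` is the safer idiom. The enclosing loop body starts before and continues past this hunk.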