diff options
author | Ermal <eri@pfsense.org> | 2014-10-30 21:35:51 +0100 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-10-30 21:35:51 +0100 |
commit | 737b18f23bfc27185eda513d9ffe2600ecde9cd7 (patch) | |
tree | 73a873d7a7b41d1e9e20b65e37416baa974ef261 /etc | |
parent | 461eac099b80692b1feb4002357da6a61f4a3aff (diff) | |
download | pfsense-737b18f23bfc27185eda513d9ffe2600ecde9cd7.zip pfsense-737b18f23bfc27185eda513d9ffe2600ecde9cd7.tar.gz |
Allow accept_unencrypted_mainmode_messages to be enabled if needed
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 8344a20..076edb1 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -272,6 +272,10 @@ function vpn_ipsec_configure($ipchg = false) } unset($iflist); + $accept_unencrypted = ""; + if (isset($config['ipsec']['acceptunencryptedmainmode'])) + $accept_unencrypted = "accept_unencrypted_mainmode_messages = yes"; + $strongswan = <<<EOD #Automatically generated please do not modify @@ -290,6 +294,7 @@ charon { # XXX: There is not much choice here really users win their security! i_dont_care_about_security_and_use_aggressive_mode_psk=yes + {$accept_unencrypted} cisco_unity = yes # And two loggers using syslog. The subsections define the facility to log |