summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2014-10-30 21:35:51 +0100
committerErmal <eri@pfsense.org>2014-10-30 21:35:51 +0100
commit737b18f23bfc27185eda513d9ffe2600ecde9cd7 (patch)
tree73a873d7a7b41d1e9e20b65e37416baa974ef261 /etc
parent461eac099b80692b1feb4002357da6a61f4a3aff (diff)
downloadpfsense-737b18f23bfc27185eda513d9ffe2600ecde9cd7.zip
pfsense-737b18f23bfc27185eda513d9ffe2600ecde9cd7.tar.gz
Allow accept_unencrypted_mainmode_messages to be enabled if needed
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/vpn.inc5
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 8344a20..076edb1 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -272,6 +272,10 @@ function vpn_ipsec_configure($ipchg = false)
}
unset($iflist);
+ $accept_unencrypted = "";
+ if (isset($config['ipsec']['acceptunencryptedmainmode']))
+ $accept_unencrypted = "accept_unencrypted_mainmode_messages = yes";
+
$strongswan = <<<EOD
#Automatically generated please do not modify
@@ -290,6 +294,7 @@ charon {
# XXX: There is not much choice here really users win their security!
i_dont_care_about_security_and_use_aggressive_mode_psk=yes
+ {$accept_unencrypted}
cisco_unity = yes
# And two loggers using syslog. The subsections define the facility to log
OpenPOWER on IntegriCloud