authorRenato Botelho <garga@FreeBSD.org>2015-06-23 09:59:46 -0300
committerRenato Botelho <garga@FreeBSD.org>2015-06-23 09:59:46 -0300
commit29c9e14002b4a1566fa6afc6c4933b384b8e2242 (patch)
tree357324c6935487c68518526b341d0c66d77282bb /etc
parentc598160a4ac0dfe2c2f2b65e50682e87575876b9 (diff)
Add a workaround for ticket #4785:
There was a regression in strongSwan between 5.3.0 and 5.3.2, as reported at [1]. To work around this issue, add an extra line to ipsec.secrets with the right FQDN.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/vpn.inc22
1 files changed, 18 insertions, 4 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index ab19cb3..7c4b626 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -579,12 +579,26 @@ EOD;
if (empty($peerid_data))
continue;
+ if ($myid_type == 'fqdn' && !empty($myid)) {
+ $myid = "@{$myid}";
+ }
+
$peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
+
+ if ($peerid_type == 'fqdn' && !empty($peerid)) {
+ $peerid = "@{$peerid}";
+ }
+
if (!empty($ph1ent['pre-shared-key'])) {
- if ($myid_type == 'fqdn' && !empty($myid))
- $pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
- else
- $pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+ $pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+
+ /*
+ * XXX: Remove after following strongswan issue is fixed:
+ *https://wiki.strongswan.org/issues/1004
+ */
+ if ($peerid_type == 'address' && is_fqdn($ph1ent['remote-gateway'])) {
+ $pskconf .= "{$myid} @{$ph1ent['remote-gateway']} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+ }
}
}
}
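Review bot: The workaround branch at the end of the hunk writes a second ipsec.secrets entry keyed on `@{$ph1ent['remote-gateway']}` in addition to the address-keyed one, so the same PSK also becomes selectable under the peer's FQDN identity. The XXX comment should say so and name the affected versions, e.g. `* Extra FQDN selector for strongSwan 5.3.0-5.3.2 only; it widens which peer ID matches this PSK`, so it is actually removed once upstream issue 1004 is fixed. The encoded secret is also built twice; hoisting it as `$psk = base64_encode(trim($ph1ent['pre-shared-key']));` and using `{$psk}` in both lines keeps the two entries from drifting apart. `$myid` and `$peerid` are now rewritten in place with the `@` prefix, and the enclosing loop starts and continues outside the hunk, so it is worth confirming that no later code in the iteration reads them expecting the unprefixed value.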