authorRenato Botelho <garga@FreeBSD.org>2015-06-23 09:59:46 -0300
committerRenato Botelho <garga@FreeBSD.org>2015-06-23 10:22:01 -0300
commit019ee2bc8cd2422aa8c3dc4e16d0a79ad42dc9ff (patch)
treec1fc169d30161cc2f7323ad8db3f6f34607bb765 /etc
parentcfc6fd8d04659c29c80bb471722c7c89747ed052 (diff)
Add a workaround for ticket #4785:
There was a regression in strongswan between 5.3.0 and 5.3.2, as reported at [1]. To work around this issue, add an extra line to ipsec.secrets with the right fqdn.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/vpn.inc21
1 files changed, 17 insertions, 4 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 0ddebbf..df0462d 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -635,12 +635,25 @@ EOD;
continue;
}
+ if ($myid_type == 'fqdn' && !empty($myid)) {
+ $myid = "@{$myid}";
+ }
+
$peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
+
+ if ($peerid_type == 'fqdn' && !empty($peerid)) {
+ $peerid = "@{$peerid}";
+ }
+
if (!empty($ph1ent['pre-shared-key'])) {
- if ($myid_type == 'fqdn' && !empty($myid)) {
- $pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
- } else {
- $pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+ $pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+
+ /*
+ * XXX: Remove after following strongswan issue is fixed:
+ *https://wiki.strongswan.org/issues/1004
+ */
+ if ($peerid_type == 'address' && is_fqdn($ph1ent['remote-gateway'])) {
+ $pskconf .= "{$myid} @{$ph1ent['remote-gateway']} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
}
}
}
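Review bot: The workaround block at the end of the hunk writes the pre-shared key into ipsec.secrets a second time under an extra `@{$ph1ent['remote-gateway']}` selector, but its XXX comment names neither the ticket nor the affected strongswan releases, so a later maintainer cannot tell when this additional secret entry is safe to drop. I would word it as `XXX: workaround for ticket #4785 (strongswan regression between 5.3.0 and 5.3.2); remove once https://wiki.strongswan.org/issues/1004 is fixed`, which also restores the missing space before the URL. The two `$pskconf` lines repeat the same `base64_encode(trim($ph1ent['pre-shared-key']))` expression; assigning it once, `$psk = base64_encode(trim($ph1ent['pre-shared-key']));`, keeps both entries from drifting apart if the encoding is ever changed. The remote-gateway value is interpolated into the secrets file guarded only by `is_fqdn()`, which is defined outside this hunk, so it is worth confirming that it rejects whitespace and newlines. The enclosing loop starts before the hunk, so how `$myid_type` and `$peerid_type` are derived is not visible here.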