authorChris Buechler <cmb@pfsense.org>2014-08-14 00:14:18 -0500
committerChris Buechler <cmb@pfsense.org>2014-08-14 00:14:18 -0500
commit154298f1962c84d28f264cd3d33ece1f1e71d83a (patch)
treee8a24f2e7f56ab81d69606df1b68b25e99414ea8 /etc
parent7f1b720f4c3f1c8fd56fd1c4ab96458294b64175 (diff)
rightsourceip must be used with PSK+Xauth.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/vpn.inc5
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index d222622..3be02d2 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -586,6 +586,7 @@ EOD;
$ikelifeline = "ikelifetime = {$ph1ent['lifetime']}s";
$authentication = "";
+ $rightsourceip = NULL;
switch ($ph1ent['authentication_method']) {
case 'xauth_rsa_server':
$authentication = "leftauth = pubkey\n\trightauth = pubkey";
@@ -594,6 +595,8 @@ EOD;
case 'xauth_psk_server':
$authentication = "leftauth = psk\n\trightauth = psk";
$authentication .= "\n\trightauth2 = xauth-generic";
+ if (!empty($a_client['pool_address']))
+ $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n";
break;
case 'pre_shared_key':
$authentication = "leftauth = psk\n\trightauth = psk";
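Review bot: The new guard in the `xauth_psk_server` case tests only `pool_address`, yet the line it writes also interpolates `pool_netbits`, so an empty or missing netbits value would produce `rightsourceip = <addr>/` in the generated configuration text. Both values are written into that string verbatim, so they are worth checking where it is built, for example `if (!empty($a_client['pool_address']) && is_numeric($a_client['pool_netbits'])) {` with braces around the assignment. Separately, the assignment this commit removes further down did not depend on the authentication method as far as the visible lines show, so `xauth_rsa_server` and any other mobile method now appear to get no `rightsourceip`; if that is intended, a short comment in this case saying so would help. The switch statement starts and ends outside this hunk.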
@@ -610,7 +613,6 @@ EOD;
$left_spec = $ep;
$ipseclifetime = 0;
- $rightsourceip = NULL;
$rightsubnet_spec = array();
$leftsubnet_spec = array();
$ealgoAHsp2arr = array();
@@ -664,7 +666,6 @@ EOD;
$rightsubnet_spec[] = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']);
} else if (!empty($a_client['pool_address'])) {
$rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
- $rightsourceip = "\trightsourceip={$a_client['pool_address']}/{$a_client['pool_netbits']}\n";
}
} else {
$tunneltype = "type = transport";