author | Chris Buechler <cmb@pfsense.org> | 2014-08-14 00:14:18 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-08-14 00:14:18 -0500 |
commit | 154298f1962c84d28f264cd3d33ece1f1e71d83a (patch) | |
tree | e8a24f2e7f56ab81d69606df1b68b25e99414ea8 /etc | |
parent | 7f1b720f4c3f1c8fd56fd1c4ab96458294b64175 (diff) | |
rightsourceip must be used with PSK+Xauth.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index d222622..3be02d2 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -586,6 +586,7 @@ EOD; $ikelifeline = "ikelifetime = {$ph1ent['lifetime']}s"; $authentication = ""; + $rightsourceip = NULL; switch ($ph1ent['authentication_method']) { case 'xauth_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; @@ -594,6 +595,8 @@ EOD; case 'xauth_psk_server': $authentication = "leftauth = psk\n\trightauth = psk"; $authentication .= "\n\trightauth2 = xauth-generic"; + if (!empty($a_client['pool_address'])) + $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; break; case 'pre_shared_key': $authentication = "leftauth = psk\n\trightauth = psk"; @@ -610,7 +613,6 @@ EOD; $left_spec = $ep; $ipseclifetime = 0; - $rightsourceip = NULL; $rightsubnet_spec = array(); $leftsubnet_spec = array(); $ealgoAHsp2arr = array(); @@ -664,7 +666,6 @@ EOD; $rightsubnet_spec[] = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']); } else if (!empty($a_client['pool_address'])) { $rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}"; - $rightsourceip = "\trightsourceip={$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; } } else { $tunneltype = "type = transport"; |
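Review bot: In the `xauth_psk_server` case the new `rightsourceip` line is guarded only by `!empty($a_client['pool_address'])`, while `pool_netbits` is interpolated unchecked, so a missing or malformed mask would write `rightsourceip = <addr>/` into the generated config; a tighter guard would be `if (is_ipaddr($a_client['pool_address']) && is_numeric($a_client['pool_netbits'])) {`, with braces around the assignment. Neither value is validated in the visible hunks, so this assumes the check does not already happen where the mobile-client settings are saved. The assignment also now lives only under `xauth_psk_server`: the line removed in the last hunk emitted it for any mobile phase 2 with a pool, so the `xauth_rsa_server` case shown in the first hunk appears to lose its virtual-IP pool unless that is intended. The enclosing function begins and ends outside these hunks.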