diff options
| author | jim-p <jimp@pfsense.org> | 2010-12-10 16:37:15 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-12-10 16:38:08 -0500 |
| commit | 20699f3f43f87a8b32bab9d0ef2cb2fff9b11fd4 (patch) | |
| tree | 2cb86c5a4acf0a0898ec9ac67dd3c8d8a00e4a7c /etc | |
| parent | 3aba1835f9d1a45e4f0d17823af2e13a4de19787 (diff) | |
| download | pfsense-20699f3f43f87a8b32bab9d0ef2cb2fff9b11fd4.zip pfsense-20699f3f43f87a8b32bab9d0ef2cb2fff9b11fd4.tar.gz | |
Some IPsec mobile changes to inch a little closer to working L2TP+IPsec. Ticket #475
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index cbadddf..44c934c 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -643,11 +643,11 @@ EOD; && isset($ph1ent['mobile'])) $localid_spec = " "; else { - if ($localid_type != "address") { - $localid_type = "subnet"; - } - $localid_spec = $localid_type." ".$localid_data." any"; - } + if ($localid_type != "address") { + $localid_type = "subnet"; + } + $localid_spec = $localid_type." ".$localid_data." any"; + } if (!isset($ph2ent['mobile'])) { $remoteid_type = $ph2ent['remoteid']['type']; @@ -660,16 +660,23 @@ EOD; $remoteid_spec = "anonymous"; } else { - $rgip = $rgmap[$ph1ent['remote-gateway']]; - $localid_data = ipsec_get_phase1_src($ph1ent); - if($ph2ent['mode'] == 'transport') { $localid_data="$localid_data any"; } - $localid_spec = "address {$localid_data}"; - - $remoteid_data = $rgmap[$ph1ent['remote-gateway']]; - if($ph2ent['mode'] == 'transport') { $remoteid_data="$remoteid_data any"; } - $remoteid_spec = "address {$remoteid_data}"; + if ((($ph1ent['authentication_method'] == "xauth_psk_server") || + ($ph1ent['authentication_method'] == "pre_shared_key")) + && isset($ph1ent['mobile'])) + $localid_spec = " "; + else { + $localid_data = ipsec_get_phase1_src($ph1ent); + if($ph2ent['mode'] == 'transport') { $localid_data="$localid_data any"; } + $localid_spec = "address {$localid_data}"; + } + if (!isset($ph2ent['mobile'])) { + $remoteid_data = $rgmap[$ph1ent['remote-gateway']]; + if($ph2ent['mode'] == 'transport') { $remoteid_data="$remoteid_data any"; } + $remoteid_spec = "address {$remoteid_data}"; + } else + $remoteid_spec = "anonymous"; } if($ph2ent['protocol'] == 'esp') { |
