authorErmal LUÇI <eri@pfsense.org>2015-01-31 19:36:13 +0100
committerErmal LUÇI <eri@pfsense.org>2015-01-31 19:36:23 +0100
commit86e1846f47bda6a1e2560c249994b47716fac4ad (patch)
treee12d1564fd7735a3da24ebfc9aceab0944a48cbc /etc
parent0b31300e995a17e4fdfb3b32e00e26f289ca5b01 (diff)
Fixes #4359 Allow controlling uniqueids
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/ipsec.inc4
-rw-r--r--etc/inc/vpn.inc7
2 files changed, 10 insertions, 1 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 571e30c..04a4aae 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -58,6 +58,10 @@ $peer_identifier_list = array(
'asn1dn' => array( 'desc' => gettext('ASN.1 distinguished Name'), 'mobile' => true ),
'keyid tag' => array( 'desc' =>gettext('KeyID tag'), 'mobile' => true ));
+$ipsec_idhandling = array(
+ 'yes' => 'YES', 'no' => 'NO', 'never' => 'NEVER', 'keep' => 'KEEP'
+ );
+
$p1_ealgos = array(
'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
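Review bot: Nothing on the new `$ipsec_idhandling` array says which side is the value stored in the configuration and which is only for display, and the check added in vpn.inc depends on that distinction. The lowercase keys match the `uniqueids` keywords written to ipsec.conf, and the uppercase values look like display labels, though no use of them is visible here. A one-line comment above the array would settle it, e.g. `/* uniqueids setting: ipsec.conf keyword (key) => display label */`.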
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 4d401d9..7db3a0a 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -554,6 +554,11 @@ EOD;
chmod("{$g['varetc_path']}/ipsec/ipsec.secrets", 0600);
unset($pskconf);
+ $uniqueids = 'yes';
+ if (!empty($config['ipsec']['uniqueids'])) {
+ if (in_array($uniqueids, $ipsec_idhandling))
+ $uniqueids = $config['ipsec']['uniqueids'];
+ }
$natfilterrules = false;
/* begin ipsec.conf */
$ipsecconf = "";
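Review bot: The allow-list test `if (in_array($uniqueids, $ipsec_idhandling))` compares the default `'yes'` with the array's values (`'YES'`, `'NO'`, `'NEVER'`, `'KEEP'`) instead of comparing the configured value with its keys, so it never matches and `$config['ipsec']['uniqueids']` is never applied. Check the configured value against the keys, e.g. `if (array_key_exists($config['ipsec']['uniqueids'], $ipsec_idhandling))`, so that only the four known keywords can reach the `uniqueids = {$uniqueids}` line written into ipsec.conf in the next hunk. `$ipsec_idhandling` is defined at file scope in ipsec.inc; if this code runs inside a function, the name also has to be in that function's `global` list, which is not visible here. The enclosing block starts and ends outside the hunk.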
@@ -561,7 +566,7 @@ EOD;
if (is_array($a_phase1) && count($a_phase1)) {
$ipsecconf .= "# This file is automatically generated. Do not edit\n";
- $ipsecconf .= "config setup\n\tuniqueids = yes\n";
+ $ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n";
$ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n";
foreach ($a_phase1 as $ph1ent) {