diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-07-25 16:58:37 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-07-25 17:00:57 -0500 |
| commit | b099481141d096d34897c4ec08b22dcea9bebbdd (patch) | |
| tree | f02c3aa5fa9ac3c872cb3c0f7ea721bc0a8c63c0 /etc | |
| parent | f674922ee93a3bef6158754bc08d4a6b5ace0daa (diff) | |
| download | pfsense-b099481141d096d34897c4ec08b22dcea9bebbdd.zip pfsense-b099481141d096d34897c4ec08b22dcea9bebbdd.tar.gz | |
Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.
Conflicts:
usr/local/www/vpn_ipsec_phase1.php
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/ipsec.inc | 1 | ||||
| -rw-r--r-- | etc/inc/vpn.inc | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index d3a6fe8..6654166 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -54,6 +54,7 @@ $my_identifier_list = array( global $peer_identifier_list; $peer_identifier_list = array( + 'any' => array('desc' => gettext('Any'), 'mobile' => true), 'peeraddress' => array('desc' => gettext('Peer IP address'), 'mobile' => false), 'address' => array('desc' => gettext('IP address'), 'mobile' => false), 'fqdn' => array('desc' => gettext('Distinguished name'), 'mobile' => true), diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 6772f6d..13dbffe 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -862,7 +862,9 @@ EOD; // Only specify peer ID if we are not dealing with mobile PSK } else { list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); - if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') { + if ($peerid_type == 'any') { + $peerid_spec = ''; + } elseif ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') { $peerid_spec = "{$peerid_type}:{$peerid_data}"; } elseif ($peerid_type == "asn1dn") { /* asn1dn needs double quotes */ |
