author | Chris Buechler <cmb@pfsense.org> | 2015-07-03 20:03:12 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-07-03 20:06:12 -0500 |
commit | d44e7dc081d01eb106cbc5d4871a88b683ee3b9e (patch) | |
tree | 5100319cfafc43214b3123d622ee9d2617c0511d /etc | |
parent | 96f980719c0b2916bc4cfe74084f227bc5fb4654 (diff) | |
Fix keyid identifiers, and go back to using %any in ipsec.secrets as in previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a75b022..9ca4df2 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -638,6 +638,8 @@ EOD; if ($myid_type == 'fqdn' && !empty($myid)) { $myid = "@{$myid}"; } + + $myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any"; $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : ''; @@ -821,7 +823,7 @@ EOD; } list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local'); - if ($myid_type != 'address') { + if ($myid_type != 'address' && $myid_type != 'keyid') { $myid_data = "{$myid_type}:{$myid_data}"; } @@ -829,7 +831,7 @@ EOD; $peerid_spec = ''; if (!isset($ph1ent['mobile'])) { list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); - if ($peerid_type != 'address') { + if ($peerid_type != 'address' && $peerid_type != 'keyid') { $peerid_spec = "{$peerid_type}:{$peerid_data}"; } else { $peerid_spec = $peerid_data; |
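Review bot: The added `$myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";` in the first hunk unconditionally overwrites `$myid`, so the `if ($myid_type == 'fqdn' && !empty($myid))` block directly above no longer affects the value used afterwards, and mobile entries get the raw `$myid_data` without the `@` prefix. If that is intended, the dead branch should be removed or explained. For non-mobile entries the local selector is now the `%any` wildcard, so the pre-shared key is presumably selected by peer identifier alone; two phase 1 entries with the same peer identifier but different keys would then be ambiguous, which is worth checking where the entries are validated. A comment such as `// site-to-site: local selector is %any, PSK lookup relies on the peer ID only (ticket #4811)` would record the trade-off. The enclosing block starts and ends outside the hunk.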
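Review bot: With `keyid` added to the exclusion in `if ($myid_type != 'address' && $myid_type != 'keyid')` (second hunk), a key ID is written without any type prefix, so the identity type is left to whatever the IPsec daemon infers from the string. A key ID that looks like an address, or contains `@` or `:`, could presumably be typed as something else and silently fail to match the peer. The same condition is repeated for `$peerid_type` in the third hunk. It is worth confirming that the key ID input is validated before it reaches these lines, and adding a comment at both sites such as `// keyid is emitted bare; a type prefix broke matching, see ticket #4811`. Both enclosing blocks continue outside the hunks.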