-rw-r--r--etc/inc/ipsec.inc42
-rw-r--r--etc/inc/vpn.inc24
2 files changed, 35 insertions, 31 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index eb527e0..2b33e57 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -616,39 +616,41 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
$addr = "%any";
else
$addr = $ph1ent['remote-gateway'];
- } else {
+ } else
return array();
- }
$thisid_type = $id_type;
switch ($thisid_type) {
- case "myaddress":
- $thisid_type = "address";
+ case 'myaddress':
+ $thisid_type = 'address';
$thisid_data = $addr;
break;
-
- case "dyn_dns":
- $thisid_type = "address";
- $thisid_data = resolve_retry($id_data);
+ case 'dyn_dns':
+ $thisid_type = 'dns';
+ $thisid_data = $id_data;
break;
-
- case "peeraddress":
- $thisid_type = "address";
+ case 'peeraddress':
+ $thisid_type = 'address';
$thisid_data = $rgmap[$ph1ent['remote-gateway']];
break;
-
- case "address";
+ case 'address';
$thisid_data = $id_data;
break;
-
- case "fqdn";
- case "keyid tag";
- case "user_fqdn";
- case "asn1dn";
+ case 'fqdn';
+ $thisid_data = "{$id_data}";
+ break;
+ case 'keyid tag';
+ $thisid_type = 'keyid';
+ $thisid_data = "{$thisid_data}";
+ break;
+ case 'user_fqdn';
+ $thisid_type = 'userfqdn';
+ $thisid_data = "{$id_data}";
+ break;
+ case 'asn1dn';
$thisid_data = $id_data;
- if( $thisid_data )
- $thisid_data = "{$thisid_data}";
+ $thisid_data = "{$id_data}";
break;
}
return array($thisid_type, $thisid_data);
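Review bot: The new `case 'keyid tag'` branch interpolates `$thisid_data`, which has not been assigned at that point, so the key ID comes back empty; the removed fall-through assigned `$id_data` first. It should read `$thisid_data = "{$id_data}";`, matching the `fqdn` and `user_fqdn` branches. An empty identifier matters downstream: the vpn.inc secrets code skips the entry when `$peerid_data` is empty, and the connection code would emit a bare `keyid:` identity. The `asn1dn` branch now assigns `$thisid_data` twice, so the first `$thisid_data = $id_data;` can be dropped. ipsec_find_id begins and closes outside this hunk.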
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index d5775da..60a844f 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -478,14 +478,14 @@ EOD;
/* XXX" Traffic selectors? */
$pskconf .= " : RSA {$ph1keyfile}\n";
} else {
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
if (empty($peerid_data))
continue;
$myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";
- $peerid = ($peerid_data != "allusers") ? trim($peerid_data) : "";
+ $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
if (!empty($ph1ent['pre-shared-key'])) {
if ($myid_type == 'fqdn' && !empty($myid_data))
$pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
@@ -560,17 +560,19 @@ EOD;
} else
$right_spec = $ph1ent['remote-gateway'];
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
- if ($myid_type == 'fqdn')
- $myid_data = "@{$myid_data}";
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
- if ($peerid_type == 'fqdn')
- $peerid_data = "@{$peerid_data}";
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
+ if ($myid_type != 'address')
+ $myid_data = "{$myid_type}:{$myid_data}";
/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
$peerid_spec = '';
- if (!isset($ph1ent['mobile']))
- $peerid_spec = $peerid_data;
+ if (!isset($ph1ent['mobile'])) {
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
+ if ($peerid_type != 'address')
+ $peerid_spec = "{$peerid_type}:{$peerid_data}";
+ else
+ $peerid_spec = $peerid_data;
+ }
if (is_array($ph1ent['encryption-algorithm']) && !empty($ph1ent['encryption-algorithm']['name']) && !empty($ph1ent['hash-algorithm'])) {
$ealgosp1 = '';
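Review bot: The identities built at `$myid_data = "{$myid_type}:{$myid_data}";` and `$peerid_spec = "{$peerid_type}:{$peerid_data}";` are not checked for empty data, unlike the secrets hunk above, which skips the entry on `empty($peerid_data)`. ipsec_find_id returns `array()` for an unknown side and leaves the data unset for a type its switch does not match, so the result here can be a bare `type:` or `:` identity; guard with `if (!empty($peerid_data))` (and the same for `$myid_data`) before adding the prefix. The secrets hunk still special-cases only `'fqdn'` when writing the selector, so for the new `dns`, `userfqdn` and `keyid` types the selector written there may not match the prefixed ID emitted here; that depends on the branch outside that hunk and is worth confirming. The enclosing function begins and continues outside this hunk.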