-rw-r--r-- | src/etc/inc/vpn.inc | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index a529cfa..62c5fa2 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -951,6 +951,21 @@ EOD;
 }
 }
 
+ if (!empty($ph1ent['caref'])) {
+ $ca = lookup_ca($ph1ent['caref']);
+ if ($ca) {
+ $casubarr = cert_get_subject_array($ca['crt']);
+ $casub = "";
+ foreach ($casubarr as $casubfield) {
+ if (empty($casub)) {
+ $casub = "/";
+ }
+ $casub .= "{$casubfield['a']}={$casubfield['v']}/";
+ }
+
+ }
+ }
+
 $authentication = "";
 switch ($ph1ent['authentication_method']) {
 case 'eap-mschapv2':
@@ -975,6 +990,9 @@ EOD;
 $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 }
 }
+ if (isset($casub)) {
+ $authentication .= "\n\trightca=\"$casub\"";
+ }
 break;
 case 'eap-radius':
 if (isset($ph1ent['mobile'])) {
@@ -996,6 +1014,9 @@ EOD;
 if (!empty($ph1ent['certref'])) {
 $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 }
+ if (isset($casub)) {
+ $authentication .= "\n\trightca=\"$casub\"";
+ }
 break;
 case 'xauth_psk_server':
 $authentication = "leftauth = psk\n\trightauth = psk";
@@ -1009,6 +1030,9 @@ EOD;
 if (!empty($ph1ent['certref'])) {
 $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 }
+ if (isset($casub)) {
+ $authentication .= "\n\trightca=\"$casub\"";
+ }
 break;
 case 'hybrid_rsa_server':
 $authentication = "leftauth = pubkey\n\trightauth = xauth-generic"; |
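Review bot: `$casub` is never cleared before the new `if (!empty($ph1ent['caref']))` block, so the `isset($casub)` tests added in the three later hunks can see a value that the current entry did not produce. The enclosing loop or function starts outside the hunk; if this code runs once per phase 1 entry, an entry with no `caref`, or one whose `lookup_ca()` fails, would inherit the previous entry's CA subject and be written out with another tunnel's `rightca` constraint. A certificate for which `cert_get_subject_array()` yields no fields also leaves `$casub` as `""`, which still passes `isset()` and emits `rightca=""`. I would put `unset($casub);` immediately before the block and test `!empty($casub)` at the three emit sites.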
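Review bot: The CA subject is interpolated into a double-quoted ipsec.conf value at `$authentication .= "\n\trightca=\"$casub\"";` without escaping or validation, and the same line is repeated in the two following hunks. The field values are copied straight from the certificate, so a subject containing `"` or a line break would end the quoted value early and could place extra directives into the generated connection; a `/` inside a value would presumably also change how the DN is split when it is parsed. Because `rightca` restricts which issuer a peer certificate must chain to, a mangled value affects peer authentication, not just formatting. Skip the line and log the CA when the string contains such characters, e.g. `if (!empty($casub) && !preg_match('/["\r\n]/', $casub)) {`.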