Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 824a374..49a2324 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -535,7 +535,21 @@ function vpn_ipsec_configure($ipchg = false)
 chmod($keypath, 0600);
+ $ca = lookup_ca($cert['caref']);
+ $cafile = "ca-".$ikeid.".crt";
+ $capath = $g['varetc_path']."/".$cafile;
+
+ if (!file_put_contents($capath, base64_decode($ca['crt'])))
+ {
+ log_error("Error: Cannot write phase1 CA certificate file for {$ph1ent['name']}");
+ continue;
+ }
+
+ chmod($capath, 0600);
+
 $certline = "certificate_type x509 \"".basename($certpath)."\" \"".basename($keypath)."\";";
+
+ $caline = "ca_type x509 \"".basename($capath)."\";";
 }
 $ealgos = '';
@@ -570,6 +584,7 @@ remote {$rgip}
 initial_contact = {$init};
 nat_traversal = {$natt};
 {$certline}
+ {$caline}
 {$dpdline1}
 {$dpdline2}
 support_proxy on; |
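Review bot: The return value of `lookup_ca($cert['caref'])` is used unchecked in the added block, so a certificate whose `caref` is empty or dangling decodes to an empty string, `file_put_contents` returns 0, and the phase 1 entry is skipped with a "Cannot write" message that points at the filesystem rather than the configuration. Skipping the entry is the safe outcome, since the peer certificate would otherwise have no CA to be verified against, but the cause should be reported accurately. Check the lookup and decode first, e.g. `if (!$ca || !($cadata = base64_decode($ca['crt'], true))) { log_error("Error: Invalid phase1 CA certificate for {$ph1ent['name']}"); continue; }`, and then test the write with `=== false` instead of `!`. The body of vpn_ipsec_configure starts and ends outside the hunk.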
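Review bot: `{$caline}` is interpolated into every `remote` block here, but the only assignment visible in this commit is inside the certificate branch of the first hunk. Unless the variable is reset for each phase 1 entry somewhere outside these hunks, an entry that does not use certificates and is processed after a certificate entry would inherit the previous entry's `ca_type x509` line, and the first such entry would read an undefined variable. Initialise it wherever `$certline` is reset for the entry, e.g. `$caline = '';`. The heredoc that builds the racoon configuration starts and ends outside the hunk.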