diff options
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 9df0cd6..1608f77 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -568,14 +568,14 @@ EOD; /* XXX" Traffic selectors? */ $pskconf .= " : RSA {$ph1keyfile}\n"; } else { - list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); - list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); + list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local'); + list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); if (empty($peerid_data)) continue; $myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any"; - $peerid = ($peerid_data != "allusers") ? trim($peerid_data) : ""; + $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : ''; if (!empty($ph1ent['pre-shared-key'])) { if ($myid_type == 'fqdn' && !empty($myid_data)) $pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n"; @@ -746,17 +746,19 @@ EOD; } } - list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); - if ($myid_type == 'fqdn') - $myid_data = "@{$myid_data}"; - list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); - if ($peerid_type == 'fqdn') - $peerid_data = "@{$peerid_data}"; + list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local'); + if ($myid_type != 'address') + $myid_data = "{$myid_type}:{$myid_data}"; /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */ $peerid_spec = ''; - if (!isset($ph1ent['mobile'])) - $peerid_spec = $peerid_data; + if (!isset($ph1ent['mobile'])) { + list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap); + if ($peerid_type != 'address') + $peerid_spec = "{$peerid_type}:{$peerid_data}"; + else + $peerid_spec = $peerid_data; + } if (is_array($ph1ent['encryption-algorithm']) && !empty($ph1ent['encryption-algorithm']['name']) && !empty($ph1ent['hash-algorithm'])) { $ealgosp1 = ''; |