From b099481141d096d34897c4ec08b22dcea9bebbdd Mon Sep 17 00:00:00 2001
From: Chris Buechler
Date: Sat, 25 Jul 2015 16:58:37 -0500
Subject: Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.
Conflicts: usr/local/www/vpn_ipsec_phase1.php
---
 etc/inc/ipsec.inc | 1 +
 etc/inc/vpn.inc | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
(limited to 'etc/inc')
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index d3a6fe8..6654166 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -54,6 +54,7 @@ $my_identifier_list = array(
 global $peer_identifier_list;
 $peer_identifier_list = array(
+ 'any' => array('desc' => gettext('Any'), 'mobile' => true),
 'peeraddress' => array('desc' => gettext('Peer IP address'), 'mobile' => false),
 'address' => array('desc' => gettext('IP address'), 'mobile' => false),
 'fqdn' => array('desc' => gettext('Distinguished name'), 'mobile' => true),
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 6772f6d..13dbffe 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -862,7 +862,9 @@ EOD;
 // Only specify peer ID if we are not dealing with mobile PSK
 } else {
 list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
- if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') {
+ if ($peerid_type == 'any') {
+ $peerid_spec = '';
+ } elseif ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') {
 $peerid_spec = "{$peerid_type}:{$peerid_data}";
 } elseif ($peerid_type == "asn1dn") {
 /* asn1dn needs double quotes */
-- cgit v1.1
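Review bot: The new `$peerid_type == 'any'` branch in etc/inc/vpn.inc empties `$peerid_spec` for every phase 1 entry that reaches this `else`, not only for mobile ones, although the commit message scopes the option to mobile IPsec. With no peer ID written, acceptance of a peer presumably rests on the pre-shared key or the trusted CA alone, so a site-to-site tunnel saved with 'any' would no longer be tied to one remote identity. Whether the GUI prevents that is not visible, since the diff is limited to etc/inc. The branch should say so in a comment, for example `/* 'any': no peer ID is emitted, so the peer's identity is not checked; intended for mobile clients only */`, and it would be worth logging or rejecting 'any' on non-mobile entries when the config is generated. The bare label `gettext('Any')` in etc/inc/ipsec.inc also gives no hint that it turns the check off; the enclosing function in vpn.inc starts and ends outside the hunk.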