From 29a3ac407fdeb6f8991c5e0798c651ff560d708d Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 13 Aug 2010 13:05:25 -0400
Subject: Honor a phase 1 proposal_check if one is set, otherwise use the
 default.

---
 etc/inc/vpn.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 6efec52..824a374 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -474,14 +474,14 @@ function vpn_ipsec_configure($ipchg = false)
 
 					$init = "on";
 					$genp = "off";
-					$pcheck = "claim";
+					$pcheck = empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
 					$passive = "";
 					if (isset($ph1ent['mobile'])) {
 						$rgip = "anonymous";
 						/* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
 						if ($ph1ent['authentication_method'] == "pre_shared_key") {
 							$passive = "passive on;";
-							$pcheck = "obey";
+							$pcheck = empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
 							$genp = "on";
 						} else {
 							$init = "off";
-- 
cgit v1.1