From 29c9e14002b4a1566fa6afc6c4933b384b8e2242 Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 23 Jun 2015 09:59:46 -0300
Subject: Add a workaround for ticket #4785: There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To workaround this issue, add an extra line on ipsec.secrets with right fqdn.
---
etc/inc/vpn.inc | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'etc')
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index ab19cb3..7c4b626 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -579,12 +579,26 @@ EOD;
 if (empty($peerid_data))
 continue;
+ if ($myid_type == 'fqdn' && !empty($myid)) {
+ $myid = "@{$myid}";
+ }
+
 $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
+
+ if ($peerid_type == 'fqdn' && !empty($peerid)) {
+ $peerid = "@{$peerid}";
+ }
+
 if (!empty($ph1ent['pre-shared-key'])) {
- if ($myid_type == 'fqdn' && !empty($myid))
- $pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
- else
- $pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+ $pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+
+ /*
+ * XXX: Remove after following strongswan issue is fixed:
+ *https://wiki.strongswan.org/issues/1004
+ */
+ if ($peerid_type == 'address' && is_fqdn($ph1ent['remote-gateway'])) {
+ $pskconf .= "{$myid} @{$ph1ent['remote-gateway']} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+ }
 }
 }
 }
-- cgit v1.1
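Review bot: The workaround at the end of the hunk writes the same pre-shared key a second time under the selector `@{$ph1ent['remote-gateway']}`, but the XXX comment only links the upstream issue, so nothing in the file records that ipsec.secrets now carries two selectors for one key or what the second one is for. I would spell that out, e.g. `/* XXX ticket #4785: PSK repeated under the remote gateway FQDN for the strongswan 5.3.0 -> 5.3.2 regression; drop once https://wiki.strongswan.org/issues/1004 is fixed */`. Computing the encoded key once, `$psk = base64_encode(trim($ph1ent['pre-shared-key']));`, and using it in both `$pskconf` lines would keep the two entries from drifting apart. `$myid` is prefixed with `@` in place and its assignment is outside the hunk, so it is worth confirming that it is reassigned on every pass of the enclosing block, which also starts and ends outside the hunk.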