From 7b9d7eac047a5265061e40493c3f95be1d4c4238 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20LU=C3=87I?=
Date: Tue, 21 Apr 2015 19:39:11 +0200
Subject: Revert "Revert "Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.""

This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc.

Conflicts:
	etc/inc/ipsec.inc
---
 etc/inc/ipsec.inc | 42 +++++++++++++++++++++--------------------
 etc/inc/vpn.inc | 24 +++++++++++++-----------
 2 files changed, 34 insertions(+), 32 deletions(-)
(limited to 'etc')

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 6e3e346..fe45912 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -653,41 +653,41 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
 $addr = "%any";
 else
 $addr = $ph1ent['remote-gateway'];
- } else {
+ } else
 return array();
- }
 
 $thisid_type = $id_type;
 switch ($thisid_type) {
- case "myaddress":
- $thisid_type = "address";
+ case 'myaddress':
+ $thisid_type = 'address';
 $thisid_data = $addr;
 break;
-
- case "dyn_dns":
- $thisid_type = "address";
- $thisid_data = resolve_retry($id_data);
+ case 'dyn_dns':
+ $thisid_type = 'dns';
+ $thisid_data = $id_data;
 break;
-
- case "peeraddress":
- $thisid_type = "address";
+ case 'peeraddress':
+ $thisid_type = 'address';
 $thisid_data = $rgmap[$ph1ent['remote-gateway']];
 break;
-
- case "address";
+ case 'address';
 $thisid_data = $id_data;
 break;
-
- case "fqdn";
- case "keyid tag";
- case "user_fqdn";
- $thisid_data = $id_data;
+ case 'fqdn';
+ $thisid_data = "{$id_data}";
+ break;
+ case 'keyid tag';
+ $thisid_type = 'keyid';
+ $thisid_data = "{$thisid_data}";
+ break;
+ case 'user_fqdn';
+ $thisid_type = 'userfqdn';
+ $thisid_data = "{$id_data}";
 break;
- case "asn1dn";
+ case 'asn1dn';
 $thisid_data = $id_data;
- if( $thisid_data && $thisid_data[0] != '"')
- $thisid_data = "\"{$thisid_data}\"";
+ $thisid_data = "{$id_data}";
 break;
 }
 
 return array($thisid_type, $thisid_data);
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 9df0cd6..1608f77 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
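Review bot: The new `keyid tag` case assigns `$thisid_data = "{$thisid_data}";`, interpolating a variable that no earlier line of the function has set, so a keyid identity comes back empty (with an undefined-variable notice) instead of carrying the configured value; it should read `$thisid_data = $id_data;` like the neighbouring cases. The `asn1dn` case now assigns the same value twice in a row (`$thisid_data = $id_data;` followed by `$thisid_data = "{$id_data}";`), and the `"{$id_data}"` wrappers in the `fqdn`, `user_fqdn` and `asn1dn` cases are no-ops on a string, so a plain `$thisid_data = $id_data;` would do in all three. Whether a DN still needs the surrounding double quotes the removed branch used to add depends on how the caller writes the value into ipsec.conf, which is outside this hunk. `ipsec_find_id` begins before the hunk and its closing brace comes after it.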
@@ -568,14 +568,14 @@ EOD;
 /* XXX" Traffic selectors? */
 $pskconf .= " : RSA {$ph1keyfile}\n";
 } else {
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
 if (empty($peerid_data))
 continue;
 $myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";
- $peerid = ($peerid_data != "allusers") ? trim($peerid_data) : "";
+ $peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
 if (!empty($ph1ent['pre-shared-key'])) {
 if ($myid_type == 'fqdn' && !empty($myid_data))
 $pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
@@ -746,17 +746,19 @@ EOD;
 }
 }
 
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
- if ($myid_type == 'fqdn')
- $myid_data = "@{$myid_data}";
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
- if ($peerid_type == 'fqdn')
- $peerid_data = "@{$peerid_data}";
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
+ if ($myid_type != 'address')
+ $myid_data = "{$myid_type}:{$myid_data}";
 
 /* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
 $peerid_spec = '';
- if (!isset($ph1ent['mobile']))
- $peerid_spec = $peerid_data;
+ if (!isset($ph1ent['mobile'])) {
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
+ if ($peerid_type != 'address')
+ $peerid_spec = "{$peerid_type}:{$peerid_data}";
+ else
+ $peerid_spec = $peerid_data;
+ }
 
 if (is_array($ph1ent['encryption-algorithm']) && !empty($ph1ent['encryption-algorithm']['name']) && !empty($ph1ent['hash-algorithm'])) {
 $ealgosp1 = '';
-- 
cgit v1.1
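Review bot: `$peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';` keeps a loose `!=` on a value that `ipsec_find_id` returns as a string, where `!==` states the intent and sidesteps PHP's loose-comparison rules; the same applies to `$myid_type == 'fqdn'` two lines below. The `if (empty($peerid_data)) continue;` that follows the changed `list(...)` calls silently drops the whole secrets entry for a phase 1 whose peer ID came back empty, an outcome the ipsec.inc changes in this same commit can produce for some ID types, so a log line before the `continue` would make a missing PSK explainable from the logs. The enclosing function and loop start before this hunk.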
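Review bot: The `list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);` call now runs only inside `if (!isset($ph1ent['mobile'])) {`, so for mobile tunnels neither `$peerid_type` nor `$peerid_data` is assigned any more; if code after this hunk still reads either variable it now sees an undefined variable, which is worth checking since the function continues past the hunk. Nothing guards against an empty `$myid_data` before `$myid_data = "{$myid_type}:{$myid_data}";`, so a phase 1 with a missing identifier writes a bare type prefix such as `fqdn:` into the config instead of producing a recognisable error; an `!empty($myid_data)` check, or logging, ahead of the prefixing would be safer. The `!= 'address'` comparisons on the new lines would read better as `!==`.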