From 887093c3093e5ed4084b28e2cbfbe748d5c00117 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Sun, 21 Jun 2015 16:00:23 -0500
Subject: Specify $myid rather than %any here, otherwise user manager and
 mobile PSKs won't match. Ticket #4781

---
 etc/inc/vpn.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index d84ad5a..7e64f88 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -573,11 +573,12 @@ EOD;
 			} else {
 				list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
 				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
+				
+				$myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";
 
 				if (empty($peerid_data))
 					continue;
 
-				$myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";
 				$peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
 				if (!empty($ph1ent['pre-shared-key'])) {
 					if ($myid_type == 'fqdn' && !empty($myid_data))
@@ -593,7 +594,7 @@ EOD;
 	if (is_array($config['system']) && is_array($config['system']['user'])) {
 		foreach ($config['system']['user'] as $user) {
 			if (!empty($user['ipsecpsk'])) {
-				$pskconf .= "%any {$user['name']} : PSK 0s" . base64_encode($user['ipsecpsk']) . "\n";
+				$pskconf .= "{$myid} {$user['name']} : PSK 0s" . base64_encode($user['ipsecpsk']) . "\n";
 			}
 		}
 		unset($user);
@@ -606,7 +607,7 @@ EOD;
 				$key['ident'] = '%any';
 			if (empty($key['type']))
 				$key['type'] = 'PSK';
-			$pskconf .= "%any {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n";
+			$pskconf .= "{$myid} {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n";
 		}
 		unset($key);
 	}
-- 
cgit v1.1