Project

General

Profile

Actions

Bug #4792

closed

IPSec ASN.1 DN needs double quotes in config file

Added by Cullen Trey almost 9 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
High
Category:
IPsec
Target version:
Start date:
01/24/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.3
Affected Architecture:

Description

This is a bug #4275 reintroduced in 2.2.3:

Upon upgrade of 2.2.2 to 2.2.3 strongswan did not start and quit with the following message:

I ONLY adapted these lines of the old bug:

ipsec_starter73005: unable to start strongSwan -- fatal errors in config
ipsec_starter73005: invalid config file '/var/etc/ipsec/ipsec.conf'
ipsec_starter73005: /var/etc/ipsec/ipsec.conf:19: syntax error, unexpected EQ [=]
ipsec_starter73005: Starting strongSwan 5.2.3 IPsec [starter]...

Line 19 of ipsec.conf is:
leftid = asn1dn:C=CH/ST=Aargau/L=Baden/O=TechFreak/emailAddress=XXX/CN=vpn.example.com

I got StrongSwan only to accept it by changing leftif|rightid to (ommiting asn1dn)

leftid = "C=CH/ST=Aargau/L=Baden/O=TechFreak/emailAddress=XXX/CN=vpn.example.com"

this started to work again, and strongswan bootet up.

This should be checked in the GUI and automatically added to the value saved in the config file.

As the ipsec.conf is generated by the vpn.inc I adapted it the following way. Sorry for having no diff etc... Spot it by the comment line!

list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');

if ($myid_type = 'asn1dn')
$myid_data = "\"{$myid_data}\"";
else
if ($myid_type != 'address')
$myid_data = "{$myid_type}:{$myid_data}";

/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel /
$peerid_spec = '';
if (!isset($ph1ent['mobile'])) {
list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
*if ($peerid_type = 'asn1dn')
$peerid_spec = "\"{$peerid_data}\"";
else
if ($peerid_type != 'address')
$peerid_spec = "{$peerid_type}:{$peerid_data}";
else
$peerid_spec = $peerid_data;
}

Kind regards

Actions

Also available in: Atom PDF