Revision 76827b9c
Added by Jim Pingle over 9 years ago
| src/etc/inc/vpn.inc | ||
|---|---|---|
| 995 | 995 |
$authentication .= "leftauth=pubkey\n\trightauth=eap-mschapv2"; |
| 996 | 996 |
if (!empty($ph1ent['certref'])) {
|
| 997 | 997 |
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
|
| 998 |
$authentication .= "\n\tleftsendcert=always"; |
|
| 998 | 999 |
} |
| 999 | 1000 |
} |
| 1000 | 1001 |
break; |
| ... | ... | |
| 1004 | 1005 |
$authentication .= "leftauth=pubkey\n\trightauth=eap-tls"; |
| 1005 | 1006 |
if (!empty($ph1ent['certref'])) {
|
| 1006 | 1007 |
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
|
| 1008 |
$authentication .= "\n\tleftsendcert=always"; |
|
| 1007 | 1009 |
} |
| 1008 | 1010 |
} else {
|
| 1009 | 1011 |
$authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; |
| 1010 | 1012 |
if (!empty($ph1ent['certref'])) {
|
| 1011 | 1013 |
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
|
| 1014 |
$authentication .= "\n\tleftsendcert=always"; |
|
| 1012 | 1015 |
} |
| 1013 | 1016 |
} |
| 1014 | 1017 |
if (isset($casub)) {
|
| ... | ... | |
| 1021 | 1024 |
$authentication .= "leftauth=pubkey\n\trightauth=eap-radius"; |
| 1022 | 1025 |
if (!empty($ph1ent['certref'])) {
|
| 1023 | 1026 |
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
|
| 1027 |
$authentication .= "\n\tleftsendcert=always"; |
|
| 1024 | 1028 |
} |
| 1025 | 1029 |
} else {
|
| 1026 | 1030 |
$authentication = "leftauth=eap-radius\n\trightauth=eap-radius"; |
| 1027 | 1031 |
if (!empty($ph1ent['certref'])) {
|
| 1028 | 1032 |
$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
|
| 1033 |
$authentication .= "\n\tleftsendcert=always"; |
|
| 1029 | 1034 |
} |
| 1030 | 1035 |
} |
| 1031 | 1036 |
break; |
Also available in: Unified diff
Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353