
Revision 7a7e1ba9

Added by Matthew Smith almost 10 years ago

Set rightca for IPsec phase 1 using Mutual RSA, Mutual RSA + xauth, or EAP-TLS. Fixes #5241.


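--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -951,6 +951,21 @@
 				}
 			}
 
+			if (!empty($ph1ent['caref'])) {
+				$ca = lookup_ca($ph1ent['caref']);
+				if ($ca) {
+					$casubarr = cert_get_subject_array($ca['crt']);
+					$casub = "";
+					foreach ($casubarr as $casubfield) {
+						if (empty($casub)) {
+							$casub = "/";
+						}
+						$casub .= "{$casubfield['a']}={$casubfield['v']}/";
+					}
+
+				}
+			}
+
 			$authentication = "";
 			switch ($ph1ent['authentication_method']) {
 				case 'eap-mschapv2':
@@ -975,6 +990,9 @@
 							$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 						}
 					}
+					if (isset($casub)) {
+						$authentication .= "\n\trightca=\"$casub\"";
+					}
 					break;
 				case 'eap-radius':
 					if (isset($ph1ent['mobile'])) {
@@ -996,6 +1014,9 @@
 					if (!empty($ph1ent['certref'])) {
 						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					}
+					if (isset($casub)) {
+						$authentication .= "\n\trightca=\"$casub\"";
+					}
 					break;
 				case 'xauth_psk_server':
 					$authentication = "leftauth = psk\n\trightauth = psk";
@@ -1009,6 +1030,9 @@
 					if (!empty($ph1ent['certref'])) {
 						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					}
+					if (isset($casub)) {
+						$authentication .= "\n\trightca=\"$casub\"";
+					}
 					break;
 				case 'hybrid_rsa_server':
 					$authentication = "leftauth = pubkey\n\trightauth = xauth-generic";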
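Review bot: `$casub` is only assigned when `caref` is set and `lookup_ca()` succeeds, and it is never cleared, so the `isset($casub)` checks in the three authentication branches can pick up a value left by an earlier pass if this code runs once per phase 1 entry (the enclosing block starts outside the hunk, so that is inferred from `$ph1ent`). A tunnel without a CA reference would then be written with another tunnel's `rightca`, and a CA whose subject array is empty yields `rightca=""`. Reset the variable before the lookup with `$casub = "";` and test `if (!empty($casub)) {` at new lines 993, 1017 and 1033. Separately, the subject values returned by `cert_get_subject_array()` are placed inside the quoted `rightca` value unescaped; a `"` or line break inside a subject field would corrupt the generated connection entry, so such values should be rejected or escaped before the config is written.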
