Project

General

Profile

« Previous | Next » 

Revision 7b9d7eac

Added by Ermal Luçi over 10 years ago

Revert "Revert "Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.""

This reverts commit 4e8eacfd7c0f1909c15d85b4cae2302b0ba3f0fc.

Conflicts:
etc/inc/ipsec.inc

View differences:

etc/inc/vpn.inc
568 568 
				/* XXX" Traffic selectors? */
569 569 
				$pskconf .= " : RSA {$ph1keyfile}\n";
570 570 
			} else {
571 
				list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
572 
				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
571 
				list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
572 
				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
573 573 

  		




  574
  574
  
    
				if (empty($peerid_data))


  		




  575
  575
  
    
					continue;


  		




  576
  576
  
    

  		




  577
  577
  
    
				$myid = isset($ph1ent['mobile']) ? trim($myid_data) : "%any";


  		




  578
  
  
    
				$peerid = ($peerid_data != "allusers") ? trim($peerid_data) : "";


  		




  
  578
  
    
				$peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';


  		




  579
  579
  
    
				if (!empty($ph1ent['pre-shared-key'])) {


  		




  580
  580
  
    
					if ($myid_type == 'fqdn' && !empty($myid_data))


  		




  581
  581
  
    
						$pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";


  		




  ......




  746
  746
  
    
				}


  		




  747
  747
  
    
			}


  		




  748
  748
  
    

  		




  749
  
  
    
			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");


  		




  750
  
  
    
			if ($myid_type == 'fqdn')


  		




  751
  
  
    
				$myid_data = "@{$myid_data}";


  		




  752
  
  
    
			list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);


  		




  753
  
  
    
			if ($peerid_type == 'fqdn')


  		




  754
  
  
    
				$peerid_data = "@{$peerid_data}";


  		




  
  749
  
    
			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');


  		




  
  750
  
    
			if ($myid_type != 'address')


  		




  
  751
  
    
				$myid_data = "{$myid_type}:{$myid_data}";


  		




  755
  752
  
    

  		




  756
  753
  
    
			/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */


  		




  757
  754
  
    
			$peerid_spec = '';


  		




  758
  
  
    
			if (!isset($ph1ent['mobile']))


  		




  759
  
  
    
				$peerid_spec = $peerid_data;


  		




  
  755
  
    
			if (!isset($ph1ent['mobile'])) {


  		




  
  756
  
    
				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);


  		




  
  757
  
    
				if ($peerid_type != 'address')


  		




  
  758
  
    
					$peerid_spec = "{$peerid_type}:{$peerid_data}";


  		




  
  759
  
    
				else


  		




  
  760
  
    
					$peerid_spec = $peerid_data;


  		




  
  761
  
    
			}


  		




  760
  762
  
    

  		




  761
  763
  
    
			if (is_array($ph1ent['encryption-algorithm']) && !empty($ph1ent['encryption-algorithm']['name']) && !empty($ph1ent['hash-algorithm'])) {


  		




  762
  764
  
    
				$ealgosp1 = '';


  		












Also available in:  Unified diff