From 63ba47297f8e59e24ff83bd5bafd3eca32f600a6 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Tue, 11 Nov 2014 20:57:48 +0100
Subject: [PATCH] Use leftcert for more options on IPsec authentication

---
 etc/inc/vpn.inc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 24fe51195..8d71486fc 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -599,6 +599,8 @@ EOD;
 				case 'xauth_rsa_server':
 					$authentication = "leftauth = pubkey\n\trightauth = pubkey";
 					$authentication .= "\n\trightauth2 = xauth-generic";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				case 'xauth_psk_server':
 					$authentication = "leftauth = psk\n\trightauth = psk";
@@ -609,10 +611,14 @@ EOD;
 					break;
 				case 'rsasig':
 					$authentication = "leftauth = pubkey\n\trightauth = pubkey";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				case 'hybrid_rsa_server':
 					$authentication = "leftauth = xauth-generic\n\trightauth = pubkey";
 					$authentication .= "\n\trightauth2 = xauth";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				}