summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2014-11-11 19:57:48 (GMT)
committerErmal <eri@pfsense.org>2014-11-11 19:57:48 (GMT)
commit63ba47297f8e59e24ff83bd5bafd3eca32f600a6 (patch)
tree48d5f45f076e2bffd56cb16534f255c4337c344b
parent1f2f38f5097a982a5432f7b6ba5ce3bd2115cfbb (diff)
downloadunivnautes-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.zip
univnautes-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.tar.gz
univnautes-63ba47297f8e59e24ff83bd5bafd3eca32f600a6.tar.bz2
Use leftcert for more options on IPsec authentication
-rw-r--r--etc/inc/vpn.inc6
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 24fe511..8d71486 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -599,6 +599,8 @@ EOD;
case 'xauth_rsa_server':
$authentication = "leftauth = pubkey\n\trightauth = pubkey";
$authentication .= "\n\trightauth2 = xauth-generic";
+ if (!empty($ph1ent['certref']))
+ $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
break;
case 'xauth_psk_server':
$authentication = "leftauth = psk\n\trightauth = psk";
@@ -609,10 +611,14 @@ EOD;
break;
case 'rsasig':
$authentication = "leftauth = pubkey\n\trightauth = pubkey";
+ if (!empty($ph1ent['certref']))
+ $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
break;
case 'hybrid_rsa_server':
$authentication = "leftauth = xauth-generic\n\trightauth = pubkey";
$authentication .= "\n\trightauth2 = xauth";
+ if (!empty($ph1ent['certref']))
+ $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
break;
}