author | John Southworth <john.southworth@vyatta.com> | 2011-01-31 13:28:38 -0600 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-01-31 13:28:38 -0600 |
commit | be7cd2b2405b281bc0be7a5e34d0fa42b9a13572 (patch) | |
tree | 0724a82a58c4ddfc7bdac4c8884a0a9fd66f315d | |
parent | 6aac26dccf427538fde5b435b50c6e4ed4333413 (diff) | |
Fix problem with multiple psk being generated per peer
-rwxr-xr-x | scripts/vpn-config.pl | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 3d4c2bf..1eee1f4 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -398,6 +398,7 @@ if ( $vcVPN->exists('ipsec') ) { print "VPN Warning: IPSec configured but no site-to-site peers or l2tp" . " remote-users configured\n"; } + my $prev_peer = ""; foreach my $peer (@peers) { my $peer_ike_group = $vcVPN->returnValue("ipsec site-to-site peer $peer ike-group"); @@ -913,22 +914,25 @@ if ( $vcVPN->exists('ipsec') ) { # when local-ip is dynamic then only the following generic form works $genout_secrets .= ": PSK \"$psk\"\n"; } else { - $genout_secrets .= "$lip $right "; - if ( defined ($authid) ){ - $genout_secrets .= "$authid "; - } - if ( defined ($authremoteid) ) { - $genout_secrets .= "$authremoteid "; - } - # tag the secrets lines with 3 entries so the op mode command can - # deal with them properly. (LEFT means localid, RIGHT means remoteid) - if ((!defined($authid)) && (defined($authremoteid))) { - $genout_secrets .= ": PSK \"$psk\" #RIGHT#\n"; - } elsif ((defined($authid)) && (!defined($authremoteid))) { - $genout_secrets .= ": PSK \"$psk\" #LEFT#\n"; - } else { - $genout_secrets .= ": PSK \"$psk\"\n"; + if (not ($prev_peer eq $peer)){ + $genout_secrets .= "$lip $right "; + if ( defined ($authid) ){ + $genout_secrets .= "$authid "; + } + if ( defined ($authremoteid) ) { + $genout_secrets .= "$authremoteid "; + } + # tag the secrets lines with 3 entries so the op mode command can + # deal with them properly. (LEFT means localid, RIGHT means remoteid) + if ((!defined($authid)) && (defined($authremoteid))) { + $genout_secrets .= ": PSK \"$psk\" #RIGHT#\n"; + } elsif ((defined($authid)) && (!defined($authremoteid))) { + $genout_secrets .= ": PSK \"$psk\" #LEFT#\n"; + } else { + $genout_secrets .= ": PSK \"$psk\"\n"; + } } + $prev_peer = $peer; } $genout .= "\tauthby=secret\n"; } elsif ( defined($auth_mode) && $auth_mode eq 'rsa' ) { |
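Review bot: The new `$prev_peer` check in the second hunk guards only the `else` branch, so the dynamic local-ip branch directly above it still appends `: PSK \"$psk\"` to `$genout_secrets` on every pass and can presumably still repeat that line for one peer. That generic form carries no ID selectors, so duplicates of it are the ones most worth avoiding; consider wrapping both branches in the guard, `if ($prev_peer ne $peer) { ... }`, with `$prev_peer = $peer;` placed after the whole if/else. `$prev_peer ne $peer` also reads more directly than `not ($prev_peer eq $peer)`. The guard assumes all passes for one peer are consecutive, which looks right inside `foreach my $peer (@peers)`, but the inner loop and the enclosing block start and end outside the hunk, so this should be confirmed against the full file.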