author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-12-04 18:45:17 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-01-12 16:56:39 -0800 |
commit | 089294082d982b3375bf34ebb9f53dcc0a1a4ffa (patch) | |
tree | e73cf735f91b7c114595047fe9c19847381d0dc6 /scripts | |
parent | 1b24da8c4e6528db464d677af0ed01912a0a66eb (diff) | |
* remove extraneous unused code
* use @id for identification when it's specified.
It can be used even if local-ip is not 0.0.0.0
* extend syntax check for id to allow specifying hostnames
* fix ipsec.secrets generation -
if specified always use ids for local and remote peer
(cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145)
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/vpn-config.pl | 23 |
1 files changed, 4 insertions, 19 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 87ee389..6c23924 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -412,7 +412,6 @@ if ( $vcVPN->exists('ipsec') ) { # # Connection configurations # - my $wildcard_psk = undef; my @peers = $vcVPN->listNodes('ipsec site-to-site peer'); if ( @peers == 0 && !($vcVPN->exists('l2tp')) ) { print @@ -521,6 +520,7 @@ if ( $vcVPN->exists('ipsec') ) { } } else { $genout .= "\tleft=$lip\n"; + $genout .= "\tleftid=$authid\n" if defined $authid; } } @@ -824,27 +824,12 @@ if ( $vcVPN->exists('ipsec') ) { or ( $peer =~ /^\@/ ) ) { $right = '%any'; - if ( defined($wildcard_psk) ) { - if ( $wildcard_psk ne $psk ) { - $error = 1; - print STDERR "$vpn_cfg_err " - . 'All dynamic peers must have the same ' - . "'pre-shared-secret'.\n"; - } - } else { - $wildcard_psk = $psk; - } } else { $right = $peer; } - if ( defined $lip ) { - my $index1 = - ( $lip eq '0.0.0.0' && defined($authid) ) ? "$authid" : $lip; - $genout_secrets .= "$index1 $right : PSK \"$psk\"\n"; - } - if ( defined($lip) and defined($authremoteid) ) { - $genout_secrets .= "$lip $authremoteid : PSK \"$psk\"\n"; - } + my $index1 = ( defined($authid) ) ? "$authid" : $lip; + my $index2 = ( defined($authremoteid) ) ? "$authremoteid" : $right; + $genout_secrets .= "$index1 $index2 : PSK \"$psk\"\n"; $genout .= "\tauthby=secret\n"; } elsif ( defined($auth_mode) && $auth_mode eq 'rsa' ) { |
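Review bot: `$authid` is interpolated unquoted into ipsec.conf by the added `leftid=$authid` line in the `@@ -521,6 +520,7 @@` hunk, and the `@@ -824,27 +824,12 @@` hunk does the same for `$authid`/`$authremoteid` as `$index1`/`$index2` in ipsec.secrets; neither place checks that the value is a single token. The commit message says the id syntax check was widened to accept hostnames, but that check is not part of this diff (limited to 'scripts'), so please confirm it still rejects whitespace, newlines and double quotes, since such a value would add parameters to the generated conn section or extra fields to a secrets line. A comment above the new line would record the dependency, e.g. `# $authid must already be validated as a single token (no whitespace or quotes)`. The enclosing if/else starts outside the hunk, so I cannot see whether the other branch already emits `leftid`.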
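Review bot: Removing the `$wildcard_psk` check in the `@@ -824,27 +824,12 @@` hunk looks safe only for peers that have a remote id: when `$authremoteid` is undefined, `$index2` is still `%any`, so two dynamic peers with different secrets now yield two `<local> %any : PSK` lines, and which secret gets used then appears to depend on the daemon's lookup order rather than on the configuration. I would keep the same-secret check for entries that fall back to `%any`, which also means restoring the `my $wildcard_psk` declaration dropped in the first hunk. Separately, `$index1` falls back to `$lip` without the `defined $lip` guard the removed code had, so an undefined `$lip` with no id would write a line with an empty local selector. The surrounding peer block starts and ends outside the hunk, so whether `$lip` can be undefined here needs checking against the earlier validation.

```perl
# … unchanged: $right selection for dynamic vs. static peers …
my $index1 = ( defined($authid) )       ? "$authid"       : $lip;
my $index2 = ( defined($authremoteid) ) ? "$authremoteid" : $right;

# Entries that still end in %any cannot be told apart by id, so they
# must all carry the same secret. Needs `my $wildcard_psk = undef;`
# kept ahead of the peer loop.
if ( $index2 eq '%any' ) {
    if ( defined($wildcard_psk) && $wildcard_psk ne $psk ) {
        $error = 1;
        print STDERR "$vpn_cfg_err "
          . 'All dynamic peers must have the same '
          . "'pre-shared-secret'.\n";
    }
    $wildcard_psk = $psk unless defined($wildcard_psk);
}

# Keep the old behaviour of writing no entry when there is no local selector.
$genout_secrets .= "$index1 $index2 : PSK \"$psk\"\n"
  if defined($index1);
$genout .= "\tauthby=secret\n";
```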