author | Stig Thormodsrud <stig@vyatta.com> | 2009-05-26 18:49:57 -0700 |
---|---|---|
committer | Stig Thormodsrud <stig@vyatta.com> | 2009-05-26 18:49:57 -0700 |
commit | 7c180d594a04e62e1a2dee805380913367233926 (patch) | |
tree | b9b5a14190637bb54171e92e9cf3110d75213520 /scripts | |
parent | 5bf634dbc46e8c29381758d91da52beea63e09be (diff) | |
Fix 3836: Allow VPN authentication ID to accept values of IP address, domain name and "" enclosed phrases
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/vpn-config.pl | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 0f40210..d65f977 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -377,6 +377,8 @@ if ($vcVPN->exists('ipsec')) {
 my $lip = $vcVPN->returnValue("ipsec site-to-site peer $peer local-ip");
 my $authid = $vcVPN->returnValue(
 "ipsec site-to-site peer $peer authentication id");
+ my $authremoteid = $vcVPN->returnValue(
+ "ipsec site-to-site peer $peer authentication remote-id");
 if (!defined($lip) || $lip eq "") {
 $error = 1;
 print STDERR "VPN configuration error. No local-ip specified for peer \"$peer\"\n";
@@ -447,11 +449,13 @@ if ($vcVPN->exists('ipsec')) {
 if ($peer =~ /^\@/) {
 # peer is an "ID"
 $rightid = $peer;
- }
+ $any_peer = 1;
+ } elsif ($authremoteid) {
+ $rightid = $authremoteid;
+ }
 if (($peer eq 'any') or ($peer eq '0.0.0.0')
- or defined($rightid)) {
+ or $any_peer == 1) {
 $right = '%any';
- $any_peer = 1;
 } else {
 $right = $peer;
 }
@@ -720,6 +724,9 @@ if ($vcVPN->exists('ipsec')) {
 ? "$authid" : $lip;
 $genout_secrets .= "$index1 $right : PSK \"$psk\"\n";
 }
+ if (defined($lip) and defined($authremoteid)) {
+ $genout_secrets .= "$lip $authremoteid : PSK \"$psk\"\n";
+ }
 $genout .= "\tauthby=secret\n";
 } elsif (defined($auth_mode) && $auth_mode eq 'rsa') { |
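Review bot: The `elsif ($authremoteid)` test in the second hunk treats an empty or `0` remote-id as unset, while the third hunk guards the new secrets line with `defined($authremoteid)`, so the two places can disagree about whether a remote-id exists. If `returnValue` can return an empty string (the local-ip check in the first hunk allows for that), no `rightid` is set but a secrets entry is still appended with the local address as its only index, and a single-index entry in ipsec.secrets is matched without considering the peer ID. I would use one test in both places, e.g. `} elsif (defined($authremoteid) && $authremoteid ne '') {` here and the same condition before the PSK line. The new `or $any_peer == 1` also depends on `$any_peer` being initialised to a number before this block, which is outside the hunk.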
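Review bot: In the third hunk `$authremoteid` is written verbatim into the generated secrets file by `$genout_secrets .= "$lip $authremoteid : PSK \"$psk\"\n";`, and no check on its content is visible in this diff. Since the commit is meant to accept quoted phrases as well as addresses and domain names, a value holding a line break, a stray `"` or a `:` would change how that line is parsed; presumably the configuration template validates the syntax, but that should be confirmed or repeated here, reporting a failure the same way as the local-ip error (`$error = 1;` plus a message on STDERR). The new line also indexes the secret by `$lip`, whereas the line just above uses `$index1` (the `authentication id` when one is set), so with a local ID configured this entry may not be the one looked up. The enclosing block begins outside the hunk, so whether `$index1` is still in scope at this point cannot be told from here.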