(ipsec, psk, mobile) several fixes from master

(cherry picked from commit 57ab36d) (cherry picked from commit 76c66b2) (cherry picked from commit 6e5f235)
opnsense · Oct 1, 2016 · 23d1e0f · 23d1e0f
1 parent 7e9b690
commit 23d1e0f
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
@@ -780,12 +780,11 @@ EOD;
                 /* XXX" Traffic selectors? */
                 $pskconf .= " : RSA {$ph1keyfile}\n";
             } elseif (!empty($ph1ent['pre-shared-key'])) {
-                $myid_data = ipsec_find_id($ph1ent, "local");
-                $peerid_data = ipsec_find_id($ph1ent, "peer", $rgmap);
+                $myid = isset($ph1ent['mobile']) ? trim(ipsec_find_id($ph1ent, "local")) : "";
+                $peerid_data = isset($ph1ent['mobile']) ? "%any" : ipsec_find_id($ph1ent, "peer", $rgmap);
 
                 if (!empty($peerid_data)) {
-                    $myid = isset($ph1ent['mobile']) ? trim($myid_data) . " " : "";
-                    $pskconf .= $myid . trim($peerid_data) . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n";
+                    $pskconf .= $myid . " " . trim($peerid_data) . " : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
                 }
             }
         }
@@ -794,7 +793,7 @@ EOD;
         if (isset($config['system']['user']) && is_array($config['system']['user'])) {
             foreach ($config['system']['user'] as $user) {
                 if (!empty($user['ipsecpsk'])) {
-                    $pskconf .= "{$user['name']} : PSK \"{$user['ipsecpsk']}\"\n";
+                    $pskconf .= "{$user['name']} : PSK 0s".base64_encode($user['ipsecpsk'])."\n";
                 }
             }
             unset($user);
@@ -803,7 +802,12 @@ EOD;
         /* add PSKs for mobile clients */
         if (isset($ipseccfg['mobilekey'])) {
             foreach ($ipseccfg['mobilekey'] as $key) {
-                $pskconf .= "{$key['ident']} : PSK \"{$key['pre-shared-key']}\"\n";
+                if (trim(strtolower($key['ident'])) == 'any') {
+                    $ident = '%any';
+                } else {
+                    $ident = $key['ident'];
+                }
+                $pskconf .= "{$ident} : PSK 0s".base64_encode($key['pre-shared-key'])."\n";
             }
             unset($key);
         }