Add a workaround for ticket #4785:

There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To workaround this issue, add an extra line on ipsec.secrets with right fqdn.
pfsense · Jun 23, 2015 · 29c9e14 · 29c9e14
1 parent c598160
commit 29c9e14
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
@@ -579,12 +579,26 @@ EOD;
 				if (empty($peerid_data))
 					continue;
 
+				if ($myid_type == 'fqdn' && !empty($myid)) {
+					$myid = "@{$myid}";
+				}
+
 				$peerid = ($peerid_data != 'allusers') ? trim($peerid_data) : '';
+
+				if ($peerid_type == 'fqdn' && !empty($peerid)) {
+					$peerid = "@{$peerid}";
+				}
+
 				if (!empty($ph1ent['pre-shared-key'])) {
-					if ($myid_type == 'fqdn' && !empty($myid))
-						$pskconf .= "@{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
-					else
-						$pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+					$pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+
+					/*
+					 * XXX: Remove after following strongswan issue is fixed:
+					 *https://wiki.strongswan.org/issues/1004
+					 */
+					if ($peerid_type == 'address' && is_fqdn($ph1ent['remote-gateway'])) {
+						$pskconf .= "{$myid} @{$ph1ent['remote-gateway']} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+					}
 				}
 			}
 		}