(ipsec, psk, mobile) several fixes from master

(cherry picked from commit 57ab36d3) (cherry picked from commit 76c66b2e) (cherry picked from commit 6e5f2354)

(ipsec, psk, mobile) several fixes from master
(cherry picked from commit 57ab36d3) (cherry picked from commit 76c66b2e) (cherry picked from commit 6e5f2354)
23d1e0ff · Ad Schellevis · Franco Fichtner · 7e9b6900 · 23d1e0ff
Commit 23d1e0ff authored Sep 29, 2016 by Ad Schellevis Committed by Franco Fichtner Oct 01, 2016
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 6 deletions

ipsec.inc src/etc/inc/ipsec.inc +10 -6

No files found.
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -780,12 +780,11 @@ EOD;
                /* XXX" Traffic selectors? */
                $pskconf .= " : RSA {$ph1keyfile}\n";
            } elseif (!empty($ph1ent['pre-shared-key'])) {
-                $myid_data = ipsec_find_id($ph1ent, "local");
+                $myid = isset($ph1ent['mobile']) ? trim(ipsec_find_id($ph1ent, "local")) : "";
-                $peerid_data = ipsec_find_id($ph1ent, "peer", $rgmap);
+                $peerid_data = isset($ph1ent['mobile']) ? "%any" : ipsec_find_id($ph1ent, "peer", $rgmap);
                if (!empty($peerid_data)) {
-                    $myid = isset($ph1ent['mobile']) ? trim($myid_data) . " " : "";
+                    $pskconf .= $myid . " " . trim($peerid_data) . " : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
-                    $pskconf .= $myid . trim($peerid_data) . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n";
                }
            }
        }
@@ -794,7 +793,7 @@ EOD;
        if (isset($config['system']['user']) && is_array($config['system']['user'])) {
            foreach ($config['system']['user'] as $user) {
                if (!empty($user['ipsecpsk'])) {
-                    $pskconf .= "{$user['name']} : PSK \"{$user['ipsecpsk']}\"\n";
+                    $pskconf .= "{$user['name']} : PSK 0s".base64_encode($user['ipsecpsk'])."\n";
                }
            }
            unset($user);
@@ -803,7 +802,12 @@ EOD;
        /* add PSKs for mobile clients */
        if (isset($ipseccfg['mobilekey'])) {
            foreach ($ipseccfg['mobilekey'] as $key) {
-                $pskconf .= "{$key['ident']} : PSK \"{$key['pre-shared-key']}\"\n";
+                if (trim(strtolower($key['ident'])) == 'any') {
+                    $ident = '%any';
+                } else {
+                    $ident = $key['ident'];
+                }
+                $pskconf .= "{$ident} : PSK 0s".base64_encode($key['pre-shared-key'])."\n";
            }
            unset($key);
        }