Nightly 2.2-BETA 20141108-0611 ipsec leftcert missing (with solution)



  • Hi All:
    In testing 2.2 I noticed the following and I wanted to make sure it's on everybody's radar.  After searching the forum for a solution I went digging. 
    Here's what I found:
    leftcert is missing from the ipsec.conf file, it appears that the following lines are missing in vpn.inc for case 'xauth_rsa_server' and possibly case 'hybrid_rsa_server' (I don't use this so I can't test).

    if (!empty($ph1ent['certref']))
      $authentication .= "\n\tleftcert = {$certpath}/cert-{$ph1ent['ikeid']}.crt";
    
    

    With this change I am again able to use my on-demand iOS vpn and other RSA authenticated tunnels.



  • That's the area I'm getting back to next actually, I'll get a fix in for that early this week. Thanks for the report.



  • Can you please test if it works correctly with new snapshots?
    The cahnge has been merged.