From: Michael Tremer Date: Tue, 15 Jan 2013 14:45:29 +0000 (+0100) Subject: vpnmain.cgi: Allow to use PSK if public IP is '%defaultroute'. X-Git-Tag: v2.13-beta2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2531cb080d5e44df059c7ba2431ce6d702249e7;p=people%2Fms%2Fipfire-2.x.git vpnmain.cgi: Allow to use PSK if public IP is '%defaultroute'. Openswan did not support to use PSKs on net-to-net connections, when the public IP of the IPFire box was "%defaultroute". However, it is required to set the public IP to "%defaultroute" on NAT-ed devices (such as UMTS connections in Germany) to connect to other sites as the IPFire box does not know the real public IP address. --- diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index e9d114b12f..e29400a1ae 100755 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1987,8 +1987,6 @@ END ; &Header::closebox(); } elsif (! $cgiparams{'KEY'}) { - my $pskdisabled = ($vpnsettings{'VPN_IP'} eq '%defaultroute') ? "disabled='disabled'" : '' ; - $cgiparams{'PSK'} = $Lang::tr{'vpn incompatible use of defaultroute'} if ($pskdisabled); my $cakeydisabled = ( ! -f "${General::swroot}/private/cakey.pem" ) ? "disabled='disabled'" : ''; $cgiparams{'CERT_NAME'} = $Lang::tr{'vpn no full pki'} if ($cakeydisabled); my $cacrtdisabled = ( ! -f "${General::swroot}/ca/cacert.pem" ) ? "disabled='disabled'" : ''; @@ -1996,9 +1994,9 @@ END &Header::openbox('100%', 'left', $Lang::tr{'authentication'}); print < - + $Lang::tr{'use a pre-shared key'} - +
$Lang::tr{'upload a certificate request'}