"Gateway address missing.");
return FALSE;
}
+ str = nm_setting_vpn_get_data_item(vpn, "server-port");
+ if (str && strlen(str))
+ {
+ ike.remote_port = settings_value_as_int((char*)str, ike.remote_port);
+ }
str = nm_setting_vpn_get_data_item(vpn, "virtual");
virtual = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "encap");
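Review bot: The parsed `server-port` value is stored in `ike.remote_port` without a range check, so 0, a negative number or anything above 65535 is accepted as given. If `remote_port` is a 16-bit field (its declaration is outside the hunk), such a value is silently truncated and the IKE connection is made to a port the user never configured. Parse into a local first, e.g. `int port = settings_value_as_int((char*)str, -1);`, and on `if (port < 1 || port > 65535)` fail the connection the same way the "Gateway address missing." path above does. The enclosing function starts and ends outside the hunk.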
return FALSE;
}
priv->creds->add_certificate(priv->creds, cert);
-
- x509 = (x509_t*)cert;
- if (!(x509->get_flags(x509) & X509_CA))
- { /* For a gateway certificate, we use the cert subject as identity. */
- gateway = cert->get_subject(cert);
- gateway = gateway->clone(gateway);
- DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway);
- }
}
else
{
priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
}
- if (!gateway)
+
+ str = nm_setting_vpn_get_data_item(vpn, "remote-identity");
+ if (str)
+ {
+ gateway = identification_create_from_string((char*)str);
+ }
+ else if (cert)
+ {
+ x509 = (x509_t*)cert;
+ if (!(x509->get_flags(x509) & X509_CA))
+ { /* for server certificates, we use the subject as identity */
+ gateway = cert->get_subject(cert);
+ gateway = gateway->clone(gateway);
+ }
+ }
+ if (!gateway || gateway->get_type(gateway) == ID_ANY)
{
- /* If the user configured a CA certificate, we use the IP/DNS
- * of the gateway as its identity. This identity will be used for
- * certificate lookup and requires the configured IP/DNS to be
- * included in the gateway certificate. */
+ /* if the user configured a CA certificate (or an invalid identity),
+ * we use the IP/hostname of the server */
gateway = identification_create_from_string(ike.remote);
- DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway);
loose_gateway_id = TRUE;
}
+ DBG1(DBG_CFG, "using gateway identity '%Y'", gateway);
if (auth_class == AUTH_CLASS_EAP ||
auth_class == AUTH_CLASS_PSK)
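Review bot: A configured `remote-identity` that parses to `ID_ANY` is silently replaced by `ike.remote` and sets `loose_gateway_id = TRUE`. A user who meant to pin a specific server identity therefore gets what is presumably a more relaxed identity match, with only the generic `using gateway identity` debug line as a hint. It would be safer to treat an unusable `remote-identity` as a configuration error, or at least log a distinct warning naming the rejected string, rather than sharing the fallback with the CA-certificate case. The same branch also overwrites `gateway` without releasing the object created from `remote-identity`; adding `DESTROY_IF(gateway);` before `gateway = identification_create_from_string(ike.remote);` avoids that leak. The enclosing function starts and ends outside the hunk.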
return FALSE;
}
}
- /* ... or certificate/private key authenitcation */
+ /* ... or certificate/private key authentication */
else if ((str = nm_setting_vpn_get_data_item(vpn, "usercert")))
{
public_key_t *public;