From b2531cb080d5e44df059c7ba2431ce6d702249e7 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 15 Jan 2013 15:45:29 +0100 Subject: [PATCH] vpnmain.cgi: Allow to use PSK if public IP is '%defaultroute'. Openswan did not support to use PSKs on net-to-net connections, when the public IP of the IPFire box was "%defaultroute". However, it is required to set the public IP to "%defaultroute" on NAT-ed devices (such as UMTS connections in Germany) to connect to other sites as the IPFire box does not know the real public IP address. --- html/cgi-bin/vpnmain.cgi | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index e9d114b12..e29400a1a 100755 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1987,8 +1987,6 @@ END ; &Header::closebox(); } elsif (! $cgiparams{'KEY'}) { - my $pskdisabled = ($vpnsettings{'VPN_IP'} eq '%defaultroute') ? "disabled='disabled'" : '' ; - $cgiparams{'PSK'} = $Lang::tr{'vpn incompatible use of defaultroute'} if ($pskdisabled); my $cakeydisabled = ( ! -f "${General::swroot}/private/cakey.pem" ) ? "disabled='disabled'" : ''; $cgiparams{'CERT_NAME'} = $Lang::tr{'vpn no full pki'} if ($cakeydisabled); my $cacrtdisabled = ( ! -f "${General::swroot}/ca/cacert.pem" ) ? "disabled='disabled'" : ''; @@ -1996,9 +1994,9 @@ END &Header::openbox('100%', 'left', $Lang::tr{'authentication'}); print < - + $Lang::tr{'use a pre-shared key'} - +
$Lang::tr{'upload a certificate request'} -- 2.39.2