From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject:
 [PATCH 11/16] IPsec: Always send our host certificate to all RW clients
Date: Thu, 28 May 2020 17:58:45 +0000
Message-ID: <20200528175850.12638-12-michael.tremer@ipfire.org>
In-Reply-To: <20200528175850.12638-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6215768646930899582=="
List-Id: <development.lists.ipfire.org>

--===============6215768646930899582==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 93120ea44..85c4584e1 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -350,6 +350,12 @@ sub writeipsecfiles {
 
 		print CONF "\tleftfirewall=yes\n";
 		print CONF "\tlefthostaccess=yes\n";
+
+		# Always send the host certificate
+		if ($lconfighash{$key}[3] eq 'host') {
+			print CONF "\tleftsendcert=always\n";
+		}
+
 		print CONF "\tright=$lconfighash{$key}[10]\n";
 
 		if ($lconfighash{$key}[3] eq 'net') {
-- 
2.20.1


--===============6215768646930899582==--