- This adds the base64 encoded PSK into the config file and when the ipsec.secrets file is created the PSK is base64 decoded to write it to the file. The ipsec.secrets file surrounds the PSK with single quotation marks so that character is not allowed to be used in the PSK but anything else can be. - Tested out on my vm system and shown to be working. New PSK with various characters characters including commas was base64 encoded before putting into the config file and therefore was accepted by the code. If a single quotation mark was used in the PSK then the error message about invalid characters was shown.
Fixes: Bug13029 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- html/cgi-bin/vpnmain.cgi | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) mode change 100644 => 100755 html/cgi-bin/vpnmain.cgi
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi old mode 100644 new mode 100755 index 25e0f0a53..bde5e11bc --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -481,7 +481,8 @@ sub writeipsecfiles { if ($lconfighash{$key}[4] eq 'psk') { $psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ; $psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address? - $psk_line .= " : PSK '$lconfighash{$key}[5]'\n"; + my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]); + $psk_line .= " : PSK '$decoded_psk'\n"; # if the line contains %any, it is less specific than two IP or ID, so move it at end of file. if ($psk_line =~ /%any/) { $last_secrets .= $psk_line; @@ -2260,7 +2261,7 @@ END $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, ""); } else { $confighash{$key}[4] = 'cert'; }