[11/16] IPsec: Always send our host certificate to all RW clients

Message ID 20200528175850.12638-12-michael.tremer@ipfire.org
State New
Headers show
Series
  • [01/16] IPsec: Use sane defaults for certificate lifetimes
Related show

Commit Message

Michael Tremer May 28, 2020, 5:58 p.m. UTC
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 6 ++++++
 1 file changed, 6 insertions(+)

Patch

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 93120ea44..85c4584e1 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -350,6 +350,12 @@  sub writeipsecfiles {
 
 		print CONF "\tleftfirewall=yes\n";
 		print CONF "\tlefthostaccess=yes\n";
+
+		# Always send the host certificate
+		if ($lconfighash{$key}[3] eq 'host') {
+			print CONF "\tleftsendcert=always\n";
+		}
+
 		print CONF "\tright=$lconfighash{$key}[10]\n";
 
 		if ($lconfighash{$key}[3] eq 'net') {