From 0b1f1ec73527d30304dca552359f57f5fac6629a Mon Sep 17 00:00:00 2001
From: Michael Steenbeek <42928941+MichaelDeciso@users.noreply.github.com>
Date: Tue, 20 Nov 2018 13:26:39 +0100
Subject: [PATCH] Fix #2645: IPsec debug not working (#2941)

---
 src/etc/inc/plugins.inc.d/ipsec.inc | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index bc90e1dc1..8e850e57b 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -888,6 +888,7 @@ function ipsec_configure_do($verbose = false, $interface = '')
                 'init_limit_half_open' => 1000,
                 'ignore_acquire_ts' => 'yes',
                 'syslog' => [
+                    'identifier' => 'charon',
                     'daemon' => [
                         'ike_name' => 'yes'
                     ]
@@ -905,6 +906,18 @@ function ipsec_configure_do($verbose = false, $interface = '')
             $strongswanTree['charon']['cisco_unity'] = 'yes';
         }
 
+        // Debugging configuration
+        if (isset($ipsec_loglevels)) {
+            // lkey is the log key, which is a three-letter abbreviation of the subsystem to log, e.g. `ike`.
+            // The value will be a number between -1 (silent) and 4 (highest verbosity).
+            foreach ($ipsec_loglevels as $lkey => $ldescr) {
+                if (isset($config['ipsec']["ipsec_{$lkey}"]) && is_numeric($config['ipsec']["ipsec_{$lkey}"]) &&
+                    intval($config['ipsec']["ipsec_{$lkey}"]) >= -1 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 4) {
+                    $strongswanTree['charon']['syslog']['daemon'][$lkey] = $config['ipsec']["ipsec_{$lkey}"];
+                }
+            }
+        }
+
         $strongswanTree['charon']['plugins'] = [];
 
         if (isset($a_client['enable'])) {
@@ -1116,17 +1129,6 @@ function ipsec_configure_do($verbose = false, $interface = '')
         if (count($a_phase1)) {
             $ipsecconf .= "# This file is automatically generated. Do not edit\n";
             $ipsecconf .= "config setup\n\tuniqueids = yes\n";
-            // parse debug tags
-            $cfg_loglevels = array();
-            if (isset($ipsec_loglevels)) {
-                foreach ($ipsec_loglevels as $lkey => $ldescr) {
-                    if (isset($config['ipsec']["ipsec_{$lkey}"]) && is_numeric($config['ipsec']["ipsec_{$lkey}"]) &&
-                      intval($config['ipsec']["ipsec_{$lkey}"]) >= -1 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 4) {
-                          $cfg_loglevels[] = $lkey . " " . $config['ipsec']["ipsec_{$lkey}"];
-                    }
-                }
-            }
-            $ipsecconf .= "\tcharondebug=\"" .implode(',', $cfg_loglevels) . "\"\n";
 
             if (!empty($config['ipsec']['passthrough_networks'])) {
                 $ipsecconf .= "\nconn pass\n";