From 2a7a4b2bf04a96e4bdf6c8d06679e45844b05b60 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 25 Apr 2018 14:25:20 +0000
Subject: [PATCH] ipsec: rewrite former resolve_retry() as ipsec_resolve()

PR: https://github.com/opnsense/core/issues/2369
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 114d0f794..1286d2292 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -559,6 +559,19 @@ function ipsec_get_number_of_phase2($ikeid)
     return $nbph2;
 }
 
+function ipsec_resolve($hostname)
+{
+    if (!is_ipaddr($hostname)) {
+        /* XXX IPv4-only */
+        $ip = gethostbyname($hostname);
+        if ($ip && $ip != $hostname) {
+            $hostname = $ip;
+        }
+    }
+
+    return $hostname;
+}
+
 function ipsec_find_id(&$ph1ent, $side = 'local')
 {
     $id_data = null;
@@ -578,8 +591,11 @@ function ipsec_find_id(&$ph1ent, $side = 'local')
         case "myaddress":
             $thisid_data = ipsec_get_phase1_src($ph1ent);
             break;
+        case "dyn_dns":
+            $thisid_data = ipsec_resolve($id_data);
+            break;
         case "peeraddress":
-            $thisid_data = $ph1ent['remote-gateway'];
+            $thisid_data = ipsec_resolve($ph1ent['remote-gateway']);
             break;
         default:
             $thisid_data = !empty($id_data) ? "{$id_data}" : null;