From 76c66b2e0c2f651f68285b2ed7485f7cc427833a Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 30 Sep 2016 08:58:08 +0200
Subject: [PATCH] (ipsec, mobile) bug in writing out psk for mobile clients

---
 src/etc/inc/ipsec.inc | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index 7f657ca3b..68e5bfebd 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -780,11 +780,10 @@ EOD;
                 /* XXX" Traffic selectors? */
                 $pskconf .= " : RSA {$ph1keyfile}\n";
             } elseif (!empty($ph1ent['pre-shared-key'])) {
-                $myid_data = ipsec_find_id($ph1ent, "local");
-                $peerid_data = ipsec_find_id($ph1ent, "peer", $rgmap);
+                $myid = isset($ph1ent['mobile']) ? trim(ipsec_find_id($ph1ent, "local")) : "";
+                $peerid_data = isset($ph1ent['mobile']) ? "%any" : ipsec_find_id($ph1ent, "peer", $rgmap);
 
                 if (!empty($peerid_data)) {
-                    $myid = isset($ph1ent['mobile']) ? trim($myid_data) . " " : "";
                     $pskconf .= $myid . trim($peerid_data) . " : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
                 }
             }