Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend
[strongswan.git] / src / charon-nm / nm / nm_service.c
index 2eef51a..fd96f43 100644 (file)
@@ -277,7 +277,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        auth_class_t auth_class = AUTH_CLASS_EAP;
        certificate_t *cert = NULL;
        x509_t *x509;
-       bool agent = FALSE, smartcard = FALSE;
+       bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE;
        lifetime_cfg_t lifetime = {
                .time = {
                        .life = 10800 /* 3h */,
@@ -380,6 +380,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                 * included in the gateway certificate. */
                gateway = identification_create_from_string((char*)address);
                DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway);
+               loose_gateway_id = TRUE;
        }
 
        if (auth_class == AUTH_CLASS_EAP)
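Review bot: The new `loose_gateway_id = TRUE;` in the CA-certificate branch has no comment saying what relaxed matching still enforces, which is the security-relevant part of this change. The existing comment says the address is used as the gateway identity and must be included in the gateway certificate. With `AUTH_RULE_IDENTITY_LOOSE` (added to the gateway's auth config in the last hunk) the gateway may presumably answer with a different IDr, so authentication then rests on the certificate chaining to the configured CA and confirming the configured address. I would state that next to the assignment, e.g. `/* accept whatever IDr the gateway sends, as long as its certificate confirms the configured address */`, and mention that the flag stays FALSE on every other path so those keep strict identity matching. connect_() starts and ends outside the hunk, so the other branch is not visible here.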
@@ -507,7 +508,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                                        600, 600, /* jitter, over 10min */
                                        TRUE, FALSE, /* mobike, aggressive */
                                        0, 0, /* DPD delay, timeout */
-                                       NULL, FALSE, NULL, NULL); /* pool, mediation */
+                                       FALSE, NULL, NULL); /* mediation */
        if (virtual)
        {
                peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
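Review bot: Dropping the leading `NULL` (labelled "pool") from this argument list is not covered by the commit title and looks unrelated to the identity-matching change. It reads like an adaptation to a changed constructor signature, and would be easier to bisect as its own commit or at least named in the message. The remaining `FALSE, NULL, NULL` are positional and only labelled by the single comment `/* mediation */`, so it is worth checking them against the current prototype, since a type-compatible shift of one position would compile without a diagnostic. The call starts above the hunk, so the function being called is not visible here.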
@@ -519,6 +520,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
        auth->add(auth, AUTH_RULE_IDENTITY, gateway);
+       auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 
        child_cfg = child_cfg_create(priv->name, &lifetime,