/* -----------------------------------------------------------------------------
l2tpvpn_get_pppd_args
----------------------------------------------------------------------------- */
int l2tpvpn_get_pppd_args(struct vpn_params *params)
{
CFStringRef string;
if (params->serverRef) {
/* arguments from the preferences file */
addstrparam(params->exec_args, ¶ms->next_arg_index, "l2tpmode", "answer");
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPTransport);
if (string && CFEqual(string, kRASValL2TPTransportIP)) {
addparam(params->exec_args, ¶ms->next_arg_index, "l2tpnoipsec");
opt_noipsec = 1;
}
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPIPSecSharedSecret);
if (string) {
CFStringGetCString(string, opt_ipsecsharedsecret, sizeof(opt_ipsecsharedsecret), kCFStringEncodingUTF8);
}
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPIPSecSharedSecretEncryption);
if (string) {
if (CFEqual(string, kRASValL2TPIPSecSharedSecretEncryptionKey))
opt_ipsecsharedsecrettype = "key";
else if (CFEqual(string, kRASValL2TPIPSecSharedSecretEncryptionKeychain))
opt_ipsecsharedsecrettype = "keychain";
}
} else {
/* arguments from command line */
if (opt_noipsec)
addparam(params->exec_args, ¶ms->next_arg_index, "l2tpnoipsec");
}
return 0;
}
/* -----------------------------------------------------------------------------
l2tpvpn_get_pppd_args
----------------------------------------------------------------------------- */
int l2tpvpn_get_pppd_args(struct vpn_params *params, int reload)
{
CFStringRef string;
int noipsec = 0;
CFMutableDictionaryRef dict = NULL;
if (reload) {
noipsec = opt_noipsec;
}
if (params->serverRef) {
/* arguments from the preferences file */
addstrparam(params->exec_args, ¶ms->next_arg_index, "l2tpmode", "answer");
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPTransport);
if (string && CFEqual(string, kRASValL2TPTransportIP)) {
addparam(params->exec_args, ¶ms->next_arg_index, "l2tpnoipsec");
opt_noipsec = 1;
}
dict = (CFMutableDictionaryRef)CFDictionaryGetValue(params->serverRef, kRASEntIPSec);
if (isDictionary(dict)) {
/* get the parameters from the IPSec dictionary */
dict = CFDictionaryCreateMutableCopy(0, 0, dict);
}
else {
/* get the parameters from the L2TP dictionary */
dict = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPIPSecSharedSecretEncryption);
if (isString(string))
CFDictionarySetValue(dict, kRASPropIPSecSharedSecretEncryption, string);
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPIPSecSharedSecret);
if (isString(string))
CFDictionarySetValue(dict, kRASPropIPSecSharedSecret, string);
}
} else {
/* arguments from command line */
if (opt_noipsec)
addparam(params->exec_args, ¶ms->next_arg_index, "l2tpnoipsec");
}
if (reload) {
if (noipsec != opt_noipsec ||
!CFEqual(dict, ipsec_settings)) {
vpnlog(LOG_ERR, "reload prefs - IPSec shared secret cannot be changed\n");
if (dict)
CFRelease(dict);
return -1;
}
}
if (ipsec_settings)
CFRelease(ipsec_settings);
ipsec_settings = dict;
return 0;
}