2 files changed, 24 insertions, 2 deletions

diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile
index 9a55c71079f7..716d2b0df335 100644
--- a/security/ipsec-tools/Makefile
+++ b/security/ipsec-tools/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	ipsec-tools
 PORTVERSION=	0.8.2
-PORTREVISION=	9
+PORTREVISION=	10
 CATEGORIES=	security
 MASTER_SITES=	SF
 
@@ -77,8 +77,8 @@ LDAP_CONFIGURE_OFF=	--without-libldap
 SAUNSPEC_CONFIGURE_ENABLE=	samode-unspec
 RC5_CONFIGURE_ENABLE=		rc5
 IDEA_CONFIGURE_ENABLE=		idea
-WCPSKEY_EXTRA_PATCHES=		${FILESDIR}/wildcard-psk.diff
 NATT_EXTRA_PATCHES=		${FILESDIR}/natt.diff
+WCPSKEY_EXTRA_PATCHES=	${FILESDIR}/wildcard-psk.diff ${FILESDIR}/wildcard-psk-oakley.c.diff
 
 .include <bsd.port.pre.mk>
 
diff --git a/security/ipsec-tools/files/wildcard-psk-oakley.c.diff b/security/ipsec-tools/files/wildcard-psk-oakley.c.diff
new file mode 100644
index 000000000000..ca32e5dc4e02
--- /dev/null
+++ b/security/ipsec-tools/files/wildcard-psk-oakley.c.diff
@@ -0,0 +1,22 @@
+--- src/racoon/oakley.c.orig	2012-08-29 18:35:09.000000000 +0700
++++ src/racoon/oakley.c	2019-07-01 11:03:18.864245000 +0700
+@@ -2400,7 +2400,19 @@ oakley_skeyid(iph1)
+ 	case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
+ #endif
+ 		if (iph1->etype != ISAKMP_ETYPE_IDENT) {
++		  struct ipsecdoi_id_b *id_b;
++
++		  id_b = (struct ipsecdoi_id_b *)iph1->id_p->v;
++		  if (id_b->type != IPSECDOI_ID_IPV4_ADDR &&
++		      id_b->type != IPSECDOI_ID_IPV6_ADDR)
+ 			iph1->authstr = getpskbyname(iph1->id_p);
++		  else {
++		    struct sockaddr addr;
++		    u_int16_t ul_proto;
++		    u_int8_t prefix;
++		    if (!ipsecdoi_id2sockaddr(iph1->id_p, &addr, &prefix, &ul_proto))
++			iph1->authstr = getpskbyaddr(&addr);
++		  }
+ 			if (iph1->authstr == NULL) {
+ 				if (iph1->rmconf->verify_identifier) {
+ 					plog(LLV_ERROR, LOCATION, iph1->remote,