summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Smith <mgsmith@netgate.com>2015-10-19 11:22:35 -0500
committerMatt Smith <mgsmith@netgate.com>2015-10-19 11:23:17 -0500
commit0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64 (patch)
tree9790b07d625fab5b026745cffe5af999ef8a34f0
parent28c54319caab5374fd87973e304ef083aa46653e (diff)
downloadpfsense-0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64.zip
pfsense-0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64.tar.gz
Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the phase 1 authentication method for mobile IPsec. Fixes #5219.
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php11
1 files changed, 11 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 8549805..7834315 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -342,6 +342,17 @@ if ($_POST) {
}
}
+ /* auth backend for mobile eap-radius VPNs should be a RADIUS server */
+
+ if (($pconfig['authentication_method'] == 'eap-radius') && $pconfig['mobile']) {
+ $auth_server_name = $config['ipsec']['client']['user_source'];
+ $auth_server = auth_get_authserver($auth_server_name);
+ if (!is_array($auth_server) || ($auth_server['type'] != 'radius')) {
+ $input_errors[] = gettext("A valid RADIUS server must be selected for user authentication on the Mobile Clients tab in order to set EAP-RADIUS as the authentication method.");
+ }
+ }
+
+
/* build our encryption algorithms array */
$pconfig['ealgo'] = array();
$pconfig['ealgo']['name'] = $_POST['ealgo'];
OpenPOWER on IntegriCloud