diff options
author | jim-p <jimp@pfsense.org> | 2015-10-01 15:02:55 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-10-01 15:02:55 -0400 |
commit | 86330e2b9ba85930a15a2cbd5ef7e7c3d0b3f814 (patch) | |
tree | 6ac1fae88797533bb5abad6d16605bcdf031ece0 | |
parent | a83fce46fe99362e41828d65bf77b3ce52a25496 (diff) | |
download | pfsense-86330e2b9ba85930a15a2cbd5ef7e7c3d0b3f814.zip pfsense-86330e2b9ba85930a15a2cbd5ef7e7c3d0b3f814.tar.gz |
When using eap-radius, if the virtual address pool is left blank, pull the IP addresses from RADIUS instead. (Will need an IP address defined for each account.)
Doesn't seem to be possible to pull from either RADIUS *or* a local pool that I can see from experimenting and looking at strongSwan's docs.
-rw-r--r-- | src/etc/inc/vpn.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 29c3e77..7ddd8f2 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -923,8 +923,12 @@ EOD; } $rightsourceip = NULL; - if (isset($ph1ent['mobile']) && !empty($a_client['pool_address'])) { - $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; + if (isset($ph1ent['mobile'])) { + if (!empty($a_client['pool_address'])) { + $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; + } elseif ($ph1ent['authentication_method'] == "eap-radius") { + $rightsourceip = "\trightsourceip = %radius\n"; + } } $authentication = ""; |