authorErmal Luçi <eri@pfsense.org>2010-03-02 20:48:45 +0000
committerErmal Luçi <eri@pfsense.org>2010-03-02 20:48:45 +0000
commit54b9de56fecdfeb8848bbe65e28401e8c73ac367 (patch)
treefbc71ebf2c269ba10e3ee42f281d5f23e5676bbd
parentacee624f83b0ce13e4eb897640353c95826e7876 (diff)
downloadpfsense-54b9de56fecdfeb8848bbe65e28401e8c73ac367.zip
pfsense-54b9de56fecdfeb8848bbe65e28401e8c73ac367.tar.gz
Allow openvpn server to authenticate only based on username/password credentials.
-rw-r--r--etc/inc/openvpn.inc4
-rw-r--r--usr/local/www/vpn_openvpn_server.php13
2 files changed, 14 insertions, 3 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 081e109..8ec9bbe 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -75,7 +75,7 @@ $openvpn_server_modes = array(
'p2p_tls' => "Peer to Peer ( SSL/TLS )",
'p2p_shared_key' => "Peer to Peer ( Shared Key )",
'server_tls' => "Remote Access ( SSL/TLS )",
-// 'server_user' => "Remote Access ( User Auth )",
+ 'server_user' => "Remote Access ( User Auth )",
'server_tls_user' => "Remote Access ( SSL/TLS + User Auth )");
$openvpn_client_modes = array(
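Review bot: The re-enabled `'server_user'` entry carries no comment saying what it gives up compared with the two TLS remote-access modes. Per the commit title the server then authenticates on username/password alone, so the generated auth-user-pass-verify script becomes the only client check. I would add a comment above the entry such as `/* server_user: no client certificate is verified; username/password is the sole client authentication */`. The hunk does not show whether openvpn_reconfigure() has a matching branch for this mode, so it is worth confirming that the generated config always carries the `auth-user-pass-verify` line when `server_user` is selected.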
@@ -392,7 +392,7 @@ function openvpn_reconfigure($mode,& $settings) {
$sed .= ");";
mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
- $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn//{$mode_id}.php via-env\n";
+ $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
break;
}
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 87328e0..734c66c 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -173,6 +173,13 @@ if ($_POST) {
else
$tls_mode = false;
+ if (!empty($pconfig['authmode'])) {
+ foreach ($pconfig['authmode'] as $pauthmode) {
+ if ($pauthmode != "local" && $pconfig['mode'] == "server_tls_user")
+ $input_errors[] = "Only 'Local authentication database' is allowed with " . $openvpn_server_modes[$pconfig['mode']];
+ }
+ }
+
/* input validation */
if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
$input_errors[] = $result;
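Review bot: The added block validates `authmode` only when it is non-empty, so a `server_user` or `server_tls_user` submission with no backend selected passes this check; now that password-only mode is selectable, that case should be rejected here, e.g. `if (empty($pconfig['authmode']) && ($pconfig['mode'] == "server_user" || $pconfig['mode'] == "server_tls_user")) $input_errors[] = "An authentication backend must be selected for this server mode.";`. The loop also assumes `$pconfig['authmode']` is an array and appends the same error once per non-local entry; an `is_array()` guard and a `break` after the first hit would cover both. The enclosing `if ($_POST) {` block starts and ends outside the hunk, so whether a later check already enforces this is not visible from here.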
@@ -382,7 +389,11 @@ function mode_change() {
case "server_user":
case "server_tls_user":
document.getElementById("authmodetr").style.display="";
- /* FALL THROUGH */
+ document.getElementById("client_opts").style.display="";
+ document.getElementById("remote_opts").style.display="none";
+ break;
+ case "server_tls":
+ document.getElementById("authmodetr").style.display="none";
default:
document.getElementById("client_opts").style.display="";
document.getElementById("remote_opts").style.display="none";
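Review bot: The new `case "server_tls":` runs into `default:` without a marker, and the commit removes the only `/* FALL THROUGH */` comment this part of the switch had; add `/* FALL THROUGH */` after its `authmodetr` line so the missing `break` reads as intended. The `default:` branch itself never hides `authmodetr`, so as far as this hunk shows, changing from a user-auth mode to a mode handled by `default` leaves the row visible; moving `document.getElementById("authmodetr").style.display="none";` into `default:` would cover every mode without user auth. Hiding the row is display only, so the server-side handler should still ignore a posted `authmode` for modes that do not use it. The switch begins and ends outside the hunk.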