author | Phil Davis <phil.davis@inf.org> | 2015-02-23 22:16:12 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-02-23 22:16:12 +0545 |
commit | a087e197e6b1d93f5673b7c03f80cd6406eb06e4 (patch) | |
tree | 567c31e5616d60d44c7624008eb04be97add2550 | |
parent | 3e41ad59422020c236502e3260218fe3bee12cb9 (diff) | |
download | pfsense-a087e197e6b1d93f5673b7c03f80cd6406eb06e4.zip pfsense-a087e197e6b1d93f5673b7c03f80cd6406eb06e4.tar.gz |
OpenVPN server improve handling of authmode
Currently if the user is clicking around while they are setting up an OpenVPN server, they can do stuff like this:
a) Select Server Mode - Remote Access (SSL/TLS + User Auth)
b) Select something in Backend for authentication
c) Change their mind and select Server Mode - Peer to Peer (SSL/TLS)
d) Enter the other settings and Save
Now the OpenVPN server config has an 'authmode' key in it.
Probably does no harm, I suspect it will simply not be used when building the server.conf for Peer to Peer, but it looks a bit odd when analysing/diagnosing a config for problems.
Other fields that are mode-specific have tests to only save the values at the end if the appropriate mode is the one finally selected.
While I am here, I also constantly forget to click on "Local Database" authmode when setting up a new server. It gives the validation error message, then I click on "Local Database" again and save. Seems unnecessary - when defining a new OpenVPN server why not default this to have the first entry in the list be the one selected? So I did that. What do you think? 1 place less for many users to need to click.
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 0777cb6..cb381564 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -370,7 +370,7 @@ if ($_POST) { if ($_POST['disable'] == "yes") $server['disable'] = true; $server['mode'] = $pconfig['mode']; - if (!empty($pconfig['authmode'])) + if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) $server['authmode'] = implode(",", $pconfig['authmode']); $server['protocol'] = $pconfig['protocol']; $server['dev_mode'] = $pconfig['dev_mode']; @@ -798,9 +798,13 @@ if ($savemsg) <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td> <td width="78%" class="vtable"> <select name='authmode[]' id='authmode' class="formselect" multiple="multiple" size="<?php echo count($auth_servers); ?>"> - <?php $authmodes = explode(",", $pconfig['authmode']); ?> <?php + $authmodes = explode(",", $pconfig['authmode']); $auth_servers = auth_get_authserver_list(); + // If no authmodes set then default to selecting the first entry in auth_servers + if (empty($authmodes[0]) && !empty(key($auth_servers))) + $authmodes[0] = key($auth_servers); + foreach ($auth_servers as $auth_server_key => $auth_server): $selected = ""; if (in_array($auth_server_key, $authmodes)) |
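Review bot: In the first hunk (@@ -370), the new condition guarding `$server['authmode']` spells out the two user-auth modes inline with loose `==` comparisons, and the long `if` still has no braces around its single-statement body. Suggest `in_array($pconfig['mode'], array("server_user", "server_tls_user"), true)` with braces, and sharing the mode test with the other mode-specific fields the commit message mentions, so the list of user-auth modes lives in one place. Please also confirm that an authmode stored by an earlier save is dropped when an existing server is switched to a non-user-auth mode, since the visible lines only skip the assignment.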
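Review bot: In the second hunk (@@ -798), the default added by `if (empty($authmodes[0]) && !empty(key($auth_servers)))` can be skipped or misapplied because of how `empty()` and `key()` behave. `key()` returns the key at the array's current internal pointer, so call `reset($auth_servers)` first; `empty()` treats a key of 0 or "0" as empty, so compare the key against null instead; and passing a function call to `empty()` is only accepted from PHP 5.5 on. The test also fires whenever no authmode is set, not only for a new server as the commit message describes, so an existing server with no stored authmode will show the first backend preselected when edited. A check that the entry is new would match the stated intent.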