diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-14 12:27:48 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-15 09:29:40 +0100 |
commit | f579c0fb422b5db64392d636f1977ee093553698 (patch) | |
tree | 41407fd357ed1a975579c6027ab45551b2835ea7 /etc/inc/vpn.inc | |
parent | 88a46519d9b3eec4b8433c394d87e09963c6a9d0 (diff) | |
download | pfsense-f579c0fb422b5db64392d636f1977ee093553698.zip pfsense-f579c0fb422b5db64392d636f1977ee093553698.tar.gz |
Add EAP-MSChapv2 implementation for Windows ipsec support as reported here https://forum.pfsense.org/index.php?topic=81657.15
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 611f580..61e338d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -516,7 +516,9 @@ EOD; foreach ($ipseccfg['mobilekey'] as $key) { if ($key['ident'] == "allusers") $key['ident'] = '%any'; - $pskconf .= "%any {$key['ident']} : PSK 0s" . base64_encode($key['pre-shared-key']) . "\n"; + if (empty($key['type'])) + $key['type'] = 'PSK'; + $pskconf .= "%any {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n"; } unset($key); } @@ -616,6 +618,14 @@ EOD; $authentication = ""; switch ($ph1ent['authentication_method']) { + case 'eap-mschapv2': + if (isset($ph1ent['mobile'])) { + $authentication = "eap_identity=%any\n\t"; + $authentication .= "leftauth=pubkey\n\trightauth=eap-mschapv2"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + } + break; case 'eap-tls': if (isset($ph1ent['mobile'])) { $authentication = "eap_identity=%identity\n\t"; |