diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-14 17:02:19 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-14 17:03:08 +0100 |
commit | eb26d3102d895cb26c064a6ad9ddc99346b0b718 (patch) | |
tree | 93da8018295346c3ad527127aef6a7d50b26de48 /etc/inc | |
parent | 6e0a0ab34789ac743333b545b64c9076c2d06e53 (diff) | |
download | pfsense-eb26d3102d895cb26c064a6ad9ddc99346b0b718.zip pfsense-eb26d3102d895cb26c064a6ad9ddc99346b0b718.tar.gz |
Also take care of ph1 mobile settings for eap-tls
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/vpn.inc | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 1e3335d..4682bcc 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -617,9 +617,16 @@ EOD; $authentication = ""; switch ($ph1ent['authentication_method']) { case 'eap-tls': - $authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; - if (!empty($ph1ent['certref'])) - $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + if (isset($ph1ent['mobile'])) { + $authentication = "eap_identity=%identity\n\t"; + $authentication .= "leftauth=pubkey\n\trightauth=eap-tls"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + } else + $authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + } break; case 'xauth_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; |