diff options
| author | jim-p <jimp@pfsense.org> | 2015-10-01 15:02:55 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-10-01 19:54:10 -0400 |
| commit | 7788baf845e35b3694846646476a03bb7e16c474 (patch) | |
| tree | 6bd55e8f3e74509a349cf746a3220e45ea68f893 /etc | |
| parent | 46545f30a002d587b6fc680d89ac404a466c41b5 (diff) | |
| download | pfsense-7788baf845e35b3694846646476a03bb7e16c474.zip pfsense-7788baf845e35b3694846646476a03bb7e16c474.tar.gz | |
When using eap-radius, if the virtual address pool is left blank, pull the IP addresses from RADIUS instead. (Will need an IP address defined for each account.) Doesn't seem to be possible to pull from either RADIUS *or* a local pool that I can see from experimenting and looking at strongSwan's docs.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 4a0b14d..45b27ff 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -929,8 +929,12 @@ EOD; } $rightsourceip = NULL; - if (isset($ph1ent['mobile']) && !empty($a_client['pool_address'])) { - $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; + if (isset($ph1ent['mobile'])) { + if (!empty($a_client['pool_address'])) { + $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; + } elseif ($ph1ent['authentication_method'] == "eap-radius") { + $rightsourceip = "\trightsourceip = %radius\n"; + } } $authentication = ""; |
