diff options
| author | Ermal LUÇI <eri@pfsense.org> | 2015-01-14 17:02:19 +0100 |
|---|---|---|
| committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-14 17:03:17 +0100 |
| commit | 54ab1bdcaa35e314016d7ea26ac17a5dd15a2e05 (patch) | |
| tree | 4f821c6d271aea59cd6d39161396ef7e490732af /etc | |
| parent | 38f77f4ff5f6ea9a1eda94bc0b8cd531fd23ac0f (diff) | |
| download | pfsense-54ab1bdcaa35e314016d7ea26ac17a5dd15a2e05.zip pfsense-54ab1bdcaa35e314016d7ea26ac17a5dd15a2e05.tar.gz | |
Also take care of ph1 mobile settings for eap-tls
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 06c16fb..f37cde2 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -627,9 +627,16 @@ EOD; } break; case 'eap-tls': - $authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; - if (!empty($ph1ent['certref'])) - $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + if (isset($ph1ent['mobile'])) { + $authentication = "eap_identity=%identity\n\t"; + $authentication .= "leftauth=pubkey\n\trightauth=eap-tls"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + } else + $authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; + if (!empty($ph1ent['certref'])) + $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + } break; case 'xauth_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; |
