diff options
author | Matt Smith <mgsmith@netgate.com> | 2015-10-19 11:12:28 -0500 |
---|---|---|
committer | Matt Smith <mgsmith@netgate.com> | 2015-10-19 11:23:59 -0500 |
commit | fce93905bf73265546803ca961fc60135a8b95a9 (patch) | |
tree | 134f342a8c4969a85f47fd8a9ad158376642f944 /src/usr/local | |
parent | 42d59a5da504e4e7f8914ae63968c1871ad33014 (diff) | |
download | pfsense-fce93905bf73265546803ca961fc60135a8b95a9.zip pfsense-fce93905bf73265546803ca961fc60135a8b95a9.tar.gz |
Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the
phase 1 authentication method for mobile IPsec. Fixes #5219.
Diffstat (limited to 'src/usr/local')
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase1.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php index 3770335..5a9b37f 100644 --- a/src/usr/local/www/vpn_ipsec_phase1.php +++ b/src/usr/local/www/vpn_ipsec_phase1.php @@ -414,6 +414,17 @@ if ($_POST) { } } + /* auth backend for mobile eap-radius VPNs should be a RADIUS server */ + + if (($pconfig['authentication_method'] == 'eap-radius') && $pconfig['mobile']) { + $auth_server_name = $config['ipsec']['client']['user_source']; + $auth_server = auth_get_authserver($auth_server_name); + if (!is_array($auth_server) || ($auth_server['type'] != 'radius')) { + $input_errors[] = gettext("A valid RADIUS server must be selected for user authentication on the Mobile Clients tab in order to set EAP-RADIUS as the authentication method."); + } + } + + /* build our encryption algorithms array */ $pconfig['ealgo'] = array(); $pconfig['ealgo']['name'] = $_POST['ealgo']; |