diff options
author | Matt Smith <mgsmith@netgate.com> | 2015-10-19 11:22:35 -0500 |
---|---|---|
committer | Matt Smith <mgsmith@netgate.com> | 2015-10-19 11:23:17 -0500 |
commit | 0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64 (patch) | |
tree | 9790b07d625fab5b026745cffe5af999ef8a34f0 /usr/local | |
parent | 28c54319caab5374fd87973e304ef083aa46653e (diff) | |
download | pfsense-0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64.zip pfsense-0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64.tar.gz |
Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the phase
1 authentication method for mobile IPsec. Fixes #5219.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 8549805..7834315 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -342,6 +342,17 @@ if ($_POST) { } } + /* auth backend for mobile eap-radius VPNs should be a RADIUS server */ + + if (($pconfig['authentication_method'] == 'eap-radius') && $pconfig['mobile']) { + $auth_server_name = $config['ipsec']['client']['user_source']; + $auth_server = auth_get_authserver($auth_server_name); + if (!is_array($auth_server) || ($auth_server['type'] != 'radius')) { + $input_errors[] = gettext("A valid RADIUS server must be selected for user authentication on the Mobile Clients tab in order to set EAP-RADIUS as the authentication method."); + } + } + + /* build our encryption algorithms array */ $pconfig['ealgo'] = array(); $pconfig['ealgo']['name'] = $_POST['ealgo']; |