summaryrefslogtreecommitdiffstats
path: root/usr
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-02-28 17:25:05 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-02-28 17:25:05 -0300
commit6d0f5a635aed336e5d2b6208a07a564b79f8863d (patch)
tree8a2ed8df22b811cb465b4ea43437294652be81c2 /usr
parent9904df17e50a827eb8e00fb1a595b313b98b5f31 (diff)
downloadpfsense-6d0f5a635aed336e5d2b6208a07a564b79f8863d.zip
pfsense-6d0f5a635aed336e5d2b6208a07a564b79f8863d.tar.gz
Add an option to verify peers_identifier when it's ASN.1 distinguished name. It should fix #2904
Diffstat (limited to 'usr')
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 90c2c34..a72b908 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -85,6 +85,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['myid_data'] = $a_phase1[$p1index]['myid_data'];
$pconfig['peerid_type'] = $a_phase1[$p1index]['peerid_type'];
$pconfig['peerid_data'] = $a_phase1[$p1index]['peerid_data'];
+ $pconfig['verify_identifier'] = isset($a_phase1[$p1index]['verify_identifier']);
$pconfig['ealgo'] = $a_phase1[$p1index]['encryption-algorithm'];
$pconfig['halgo'] = $a_phase1[$p1index]['hash-algorithm'];
$pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup'];
@@ -327,6 +328,10 @@ if ($_POST) {
$ph1ent['myid_data'] = $pconfig['myid_data'];
$ph1ent['peerid_type'] = $pconfig['peerid_type'];
$ph1ent['peerid_data'] = $pconfig['peerid_data'];
+ if (isset($pconfig['verify_identifier']))
+ $ph1ent['verify_identifier'] = true;
+ else
+ unset($ph1ent['verify_identifier']);
$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
$ph1ent['hash-algorithm'] = $pconfig['halgo'];
@@ -407,6 +412,11 @@ function peeridsel_change() {
document.getElementById('peerid_data').style.visibility = 'hidden';
else
document.getElementById('peerid_data').style.visibility = 'visible';
+
+ if (value == 'asn1dn')
+ document.getElementById('opt_verify_identifier').style.visibility = 'visible';
+ else
+ document.getElementById('opt_verify_identifier').style.visibility = 'hidden';
}
function methodsel_change() {
@@ -686,6 +696,10 @@ function dpdchkbox_change() {
<?php endforeach; ?>
</select>
<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>">
+ <span id="opt_verify_identifier">
+ <input id="verify_identifier" name="verify_identifier" type="checkbox" value="yes" <?php if ($pconfig['verify_identifier']) echo "checked=\"checked\""; ?> />
+ <span class="vexpl"><?=gettext("Verify peer's identifier"); ?>.</span>
+ </span>
<?php if ($pconfig['mobile']) { ?>
<br/><br/><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
<?php } ?>
OpenPOWER on IntegriCloud