From 1f65618b245a71d86fdcc173518270f815592b0c Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 6 May 2010 16:13:24 -0400 Subject: Only enforce peer ID and psk on p1 screen if we are NOT dealing with a pure-psk mobile tunnel (which is the behavior in 1.2.3). Hide irrelevant options. Part of ticket #108. --- usr/local/www/vpn_ipsec_phase1.php | 59 ++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 21 deletions(-) (limited to 'usr/local/www/vpn_ipsec_phase1.php') diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index e902bc6..be3414c 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -136,7 +136,8 @@ if ($_POST) { /* input validation */ $method = $pconfig['authentication_method']; - if (($method == "pre_shared_key")||($method == "xauth_psk_server")) { + // Only require PSK here for normal PSK tunnels (not mobile) or xauth. + if ((($method == "pre_shared_key") && (!$pconfig['mobile']))||($method == "xauth_psk_server")) { $reqdfields = explode(" ", "pskey"); $reqdfieldsn = explode(",", "Pre-Shared Key"); } else { 
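Review bot: The new condition waives the `pskey` requirement whenever `$pconfig['mobile']` is truthy, so the exemption is only as trustworthy as the source of that flag, which this hunk does not show. If the flag is copied from the submitted form rather than read from the stored phase 1 entry, an ordinary site-to-site tunnel could be saved with an empty pre-shared key; confirm this against the code above line 136 and derive the flag from the saved entry if it is not already. The same pure-PSK-mobile test is written again, in the opposite sense, in the peer-ID hunk at line 215. Computing it once, e.g. `$pure_psk_mobile = ($method == "pre_shared_key") && $pconfig['mobile'];`, and using `!$pure_psk_mobile` in both places would keep the two rules from drifting apart. The `if`/`else` opened by this condition continues past the end of the hunk.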
@@ -214,32 +215,35 @@ if ($_POST) { if ($pconfig['myid_type'] == "peeraddress") $pconfig['peerid_data'] = ""; - if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") - $input_errors[] = gettext("Please enter an address for 'Peer Identifier'"); + // Only enforce peer ID if we are not dealing with a pure-psk mobile config. + if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) { + if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") + $input_errors[] = gettext("Please enter an address for 'Peer Identifier'"); - if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") - $input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'"); + if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") + $input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'"); - if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") - $input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'"); + if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") + $input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'"); - if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") - $input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'"); + if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") + $input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'"); - if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))) - $input_errors[] = "A valid IP address for 'Peer identifier' must be specified."; + if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))) + $input_errors[] = "A valid IP address for 'Peer identifier' must be specified."; - if ((($pconfig['peerid_type'] 
== "fqdn") && !is_domain($pconfig['peerid_data']))) - $input_errors[] = "A valid domain name for 'Peer identifier' must be specified."; + if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data']))) + $input_errors[] = "A valid domain name for 'Peer identifier' must be specified."; - if ($pconfig['peerid_type'] == "fqdn") - if (is_domain($pconfig['peerid_data']) == false) - $input_errors[] = "A valid FQDN for 'Peer identifier' must be specified."; + if ($pconfig['peerid_type'] == "fqdn") + if (is_domain($pconfig['peerid_data']) == false) + $input_errors[] = "A valid FQDN for 'Peer identifier' must be specified."; - if ($pconfig['peerid_type'] == "user_fqdn") { - $user_fqdn = explode("@",$pconfig['peerid_data']); - if (is_domain($user_fqdn[1]) == false) - $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified."; + if ($pconfig['peerid_type'] == "user_fqdn") { + $user_fqdn = explode("@",$pconfig['peerid_data']); + if (is_domain($user_fqdn[1]) == false) + $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified."; + } } if ($pconfig['dpd_enable']) { 
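Review bot: When the pure-PSK mobile case skips this block, `peerid_type` and `peerid_data` are never checked with `is_ipaddr()` or `is_domain()`, yet the browser still submits them, because the companion JavaScript change only hides the row with `style.display = 'none'`. If the save path below (outside this hunk) writes those fields into the phase 1 entry, unvalidated text ends up in the stored configuration. An `else` branch that discards the value, such as `$pconfig['peerid_data'] = "";`, would make skipping the validation safe. Separately, the `fqdn` case is tested twice inside the block, so one bad value adds two error messages, and `$user_fqdn[1]` is read without first checking that the input contained an `@`.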
@@ -364,15 +368,25 @@ function methodsel_change() { switch (value) { case 'hybrid_rsa_server': document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = ''; document.getElementById('opt_cert').style.display = ''; break; case 'xauth_rsa_server': case 'rsasig': document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = ''; document.getElementById('opt_cert').style.display = ''; break; + + case 'pre_shared_key': + document.getElementById('opt_psk').style.display = 'none'; + document.getElementById('opt_peerid').style.display = 'none'; + document.getElementById('opt_cert').style.display = 'none'; + break; + default: /* psk modes*/ document.getElementById('opt_psk').style.display = ''; + document.getElementById('opt_peerid').style.display = ''; document.getElementById('opt_cert').style.display = 'none'; break; } @@ -567,7 +581,7 @@ function dpdchkbox_change() { - + Peer identifier + +
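Review bot: The new `case 'pre_shared_key':` in `methodsel_change()` hides `opt_psk` and `opt_peerid` for every pre-shared-key tunnel, while the server-side validation in this commit waives those fields only when `$pconfig['mobile']` is set. As the hunk reads here, a non-mobile PSK tunnel would lose the Pre-Shared Key input and then fail the `pskey` required-field check. The two bare `+` lines around the case may be a PHP conditional that the page rendering dropped, in which case this does not apply, so check the file itself. If the case really is unconditional, emit it only for mobile tunnels so that the form and the validator apply the same rule. The function body starts and ends outside the hunk.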

NOTE: This is known as the "group" setting on some VPN client implementations. + -- cgit v1.1