diff --git a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
index af94fd90f..df9537783 100644
--- a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
+++ b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
@@ -117,15 +117,19 @@ if (count($argv) > 6) {
$vpnid = filter_var($a_server['vpnid'], FILTER_SANITIZE_NUMBER_INT);
// fetch or create client specif override
$all_cso = openvpn_fetch_csc_list();
+ $common_name = empty($a_server['cso_login_matching']) ? $common_name : $username;
+ $login_type = empty($a_server['cso_login_matching']) ? "CN" : "USER";
if (!empty($all_cso[$vpnid][$common_name])) {
$cso = $all_cso[$vpnid][$common_name];
} else {
$cso = array("common_name" => $common_name);
}
+
$cso = array_merge($cso, parse_auth_properties($authenticator->getLastAuthProperties()));
$cso_filename = openvpn_csc_conf_write($cso, $a_server);
if (!empty($cso_filename)) {
- syslog(LOG_NOTICE, "user '{$username}' authenticated using '{$authName}' cso :{$cso_filename}");
+ $tmp = empty($a_server['cso_login_matching']) ? "CSO [CN]" : "CSO [USER]";
+ syslog(LOG_NOTICE, "user '{$username}' authenticated using '{$authName}' {$tmp}:{$cso_filename}");
} else {
syslog(LOG_NOTICE, "user '{$username}' authenticated using '{$authName}'");
}
diff --git a/src/www/vpn_openvpn_server.php b/src/www/vpn_openvpn_server.php
index 852808345..e43e64559 100644
--- a/src/www/vpn_openvpn_server.php
+++ b/src/www/vpn_openvpn_server.php
@@ -69,7 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
,wins_server2,no_tun_ipv6,push_register_dns,dns_domain,local_group
,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
- ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,reneg-sec,use-common-name";
+ ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,reneg-sec,use-common-name,cso_login_matching";
foreach (explode(",", $copy_fields) as $fieldname) {
$fieldname = trim($fieldname);
@@ -117,7 +117,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
,wins_server2,no_tun_ipv6,push_register_dns,dns_domain
,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
- ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec,use-common-name";
+ ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec,use-common-name
+ ,cso_login_matching";
foreach (explode(",", $init_fields) as $fieldname) {
$fieldname = trim($fieldname);
if (!isset($pconfig[$fieldname])) {
@@ -347,7 +348,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,serverbridge_dhcp_end,dns_domain,dns_server1,dns_server2,dns_server3
,dns_server4,push_register_dns,ntp_server1,ntp_server2,netbios_enable
,netbios_ntype,netbios_scope,no_tun_ipv6,verbosity_level,wins_server1
- ,wins_server2,client_mgmt_port,strictusercn,reneg-sec,use-common-name";
+ ,wins_server2,client_mgmt_port,strictusercn,reneg-sec,use-common-name,cso_login_matching";
foreach (explode(",", $copy_fields) as $fieldname) {
$fieldname = trim($fieldname);
@@ -1585,6 +1586,17 @@ endif; ?>
+
+ | |
+
+ />
+
+
+
+
+
+ |
+
| |
|