lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 01:24:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

don't try to enable legacy Xauth and radius at the same time + fix bug with $ph1ent

Browse Source
This commit is contained in:
Ad Schellevis 2017-01-31 21:29:06 +01:00
parent 4f4791c405
commit f12e4e4b2f
1 changed files with 38 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
src/etc/inc/ipsec.inc
View File

@ -700,7 +700,44 @@ EOD;
}
$strongswan .= "\t\t}\n";
if ($a_client['user_source'] != "none") {
$disable_xauth = false;
foreach ($a_phase1 as $ph1ent) {
if (!isset($ph1ent['disabled']) && isset($ph1ent['mobile'])) {
if ($ph1ent['authentication_method'] == "eap-radius") {
$disable_xauth = true; // disable Xauth when radius is used.
$strongswan .= "\t\teap-radius {\n";
$radius_servers = "";
$radius_server_num = 1;
$radius_accounting_enabled = false;
foreach (auth_get_authserver_list() as $auth_server) {
if (in_array($auth_server['name'], explode(',', $ph1ent['authservers']))) {
$radius_servers .= "\t\t\t\tserver" . $radius_server_num . " {\n";
$radius_servers .= "\t\t\t\t\taddress = " . $auth_server['host'] . "\n";
$radius_servers .= "\t\t\t\t\tsecret = " . $auth_server['radius_secret'] . "\n";
$radius_servers .= "\t\t\t\t\tauth_port = " . $auth_server['radius_auth_port'] . "\n";
if (!empty($auth_server['radius_acct_port'])) {
$radius_servers .= "\t\t\t\t\tacct_port = " . $auth_server['radius_acct_port'] . "\n";
}
$radius_servers .= "\t\t\t\t}\n";
if (!empty($auth_server['radius_acct_port'])) {
$radius_accounting_enabled = true;
}
$radius_server_num += 1;
}
}
if ($radius_accounting_enabled) {
$strongswan .= "\t\t\taccounting = yes\n";
}
$strongswan .= "\t\t\tservers {\n";
$strongswan .= $radius_servers;
$strongswan .= "\t\t\t}\n";
$strongswan .= "\t\t}\n";
break; // there can only be one mobile phase1, exit loop
}
}
}
if ($a_client['user_source'] != "none" && $disable_xauth == false) {
$strongswan .= "\t\txauth-generic {\n";
$strongswan .= "\t\t\tscript = /usr/local/etc/inc/ipsec.auth-user.php\n";
$strongswan .= "\t\t\tauthcfg = ";
@ -719,37 +756,6 @@ EOD;
$strongswan .= "\n";
$strongswan .= "\t\t}\n";
}
if ($ph1ent['authentication_method'] == "eap-radius") {
$strongswan .= "\t\teap-radius {\n";
$radius_servers = "";
$radius_server_num = 1;
$radius_accounting_enabled = false;
foreach (auth_get_authserver_list() as $auth_server) {
if (in_array($auth_server['name'], explode(',', $ph1ent['authservers']))) {
$radius_servers .= "\t\t\t\tserver" . $radius_server_num . " {\n";
$radius_servers .= "\t\t\t\t\taddress = " . $auth_server['host'] . "\n";
$radius_servers .= "\t\t\t\t\tsecret = " . $auth_server['radius_secret'] . "\n";
$radius_servers .= "\t\t\t\t\tauth_port = " . $auth_server['radius_auth_port'] . "\n";
if (!empty($auth_server['radius_acct_port'])) {
$radius_servers .= "\t\t\t\t\tacct_port = " . $auth_server['radius_acct_port'] . "\n";
}
$radius_servers .= "\t\t\t\t}\n";
if (!empty($auth_server['radius_acct_port'])) {
$radius_accounting_enabled = true;
}
$radius_server_num += 1;
}
}
if ($radius_accounting_enabled) {
$strongswan .= "\t\t\taccounting = yes\n";
}
$strongswan .= "\t\t\tservers {\n";
$strongswan .= $radius_servers;
$strongswan .= "\t\t\t}\n";
$strongswan .= "\t\t}\n";
}
}
$strongswan .= "\t}\n}\n";