Project

General

Profile

Bug #5138

TLS Authentication and Peer CRL field issues on vpn_openvpn_client.php

Added by Chris Buechler over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
09/15/2015
Due date:
% Done:

100%

Spent time:
Affected version:
2.3
Affected Architecture:

Description

Browse to vpn_openvpn_client.php, hit "Add client".

1) when you uncheck "Automatically generate a shared TLS authentication key", it doesn't display the box where you can paste in the key.
2) switch "Server mode" to "Peer to Peer (Shared key)", and the "Automatically generate" box is checked, but the box where you paste the key in is also displayed. Where the auto generate box is checked, the "Shared Key" box shouldn't appear. It toggles fine from there, it's just the initial change from SSL/TLS to Shared Key where it's wrong.
3) after switching "Server mode" to shared key, the "Peer Certificate Revocation list" option still shows up. That's only relevant with SSL/TLS mode and should be hidden after switching it to shared key.

Associated revisions

History

#1 Updated by Steve Beaver over 1 year ago

  • Status changed from Confirmed to Feedback
  • Assignee changed from Steve Beaver to Chris Buechler

Fixed javascript
Added missing client cert control

#2 Updated by Steve Beaver over 1 year ago

  • % Done changed from 0 to 100

#3 Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Chris Buechler to Steve Beaver

Still a couple problems here:

1) "Peer Certificate Authority" and "Peer Certificate Revocation list" should be hidden when Shared Key mode is selected
2) The "Shared Key" entry box is still displayed when it first appears even though "Automatically generate a shared key" is checked by default. Uncheck/recheck "Automatically generate a shared key" and it hides like it should.

#4 Updated by Steve Beaver over 1 year ago

  • Status changed from Assigned to Feedback
  • Assignee changed from Steve Beaver to Chris Buechler

Javascript was simplified, fixed and commented so that I can understand it. Appears to be in agreement with 2.2 now.

#6 Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Chris Buechler to Steve Beaver

Closer, but there still appears to be a couple issues.

1) When set for an SSL/TLS type both "TLS authentication" and "Auto Generate" (for shared key) appear. The state of the entry boxes is OK, but for SSL/TLS types only the TLS Authentication box should appear.

2) The coloring of the options is a bit weird, they are blending into the surrounding options in certain states. With all things expanded it looks OK but when some parts are hidden they appear to be grouped with unrelated options.

#7 Updated by Steve Beaver over 1 year ago

  • Assignee changed from Steve Beaver to Jared Dillard

Checkbox action resolved (per CMB) so passing hte display issue over to you.

#8 Updated by Jared Dillard over 1 year ago

Fix for the background color issue is applied in changeset pfsense:fbd9fabb0a86d8ed40047c52c8ad7719e7e9097d.

#9 Updated by Jared Dillard over 1 year ago

  • Status changed from Assigned to Feedback
  • Assignee changed from Jared Dillard to Jim Pingle

Looks like Steve Beaver fixed the action issues and I fixed the background color issue. Should just need to be reviewed.

#10 Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Jim Pingle to Steve Beaver

Fields are still not right...

Peer to Peer (SSL/TLS) Shows:
  • "Enable authentication of TLS packets." (OK)
  • "Automatically generate a shared TLS authentication key" (OK)
  • Auto Generate / "Automatically generate a shared key" (Should not be there)
Peer to Peer (Shared Key) Shows:
  • "Automatically generate a shared TLS authentication key" (Should not be there)
  • Auto Generate / "Automatically generate a shared key" (OK)
Remote Access (SSL/TLS) Shows:
  • "Enable authentication of TLS packets." (OK)
  • "Automatically generate a shared TLS authentication key" (OK)
  • Auto Generate / "Automatically generate a shared key" (Should not be there)
Remote Access (User Auth) Shows:
  • "Enable authentication of TLS packets." (OK)
  • "Automatically generate a shared TLS authentication key" (OK)
  • Auto Generate / "Automatically generate a shared key" (Should not be there)
Remote Access (SSL/TLS + User Auth) Shows:
  • "Enable authentication of TLS packets." (OK)
  • "Automatically generate a shared TLS authentication key" (OK)
  • Auto Generate (Should not be there) -- the right side bit appears to be hidden in this mode, but the left side header is still there.

The alternating colors was indeed fixed by that other commit/ticket.

#11 Updated by Steve Beaver over 1 year ago

  • Status changed from Assigned to Closed

Most recent comments pertain to vpn_openvpn_server.php so have been moved to a new ticket: #5189

Also available in: Atom PDF