Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth - pfSense - pfSense bugtracker

Feature #4234

allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth

Added by Pi Ba over 3 years ago. Updated over 1 year ago.

Status:

Assigned

Priority:

Low

Assignee:

Category:

IPsec

Target version:

Future

Start date:

01/18/2015

Due date:

% Done:

Estimated time:

Description

Allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth
It seems the gui setting is missing, but the background code is already in place to allow this.

History

#1 Updated by Renato Botelho over 3 years ago

Target version changed from 2.2 to 2.2.1

Push it to 2.2.1

#2 Updated by Chris Buechler over 3 years ago

Target version changed from 2.2.1 to 2.2.2

#3 Updated by Chris Buechler over 3 years ago

Target version changed from 2.2.2 to 2.2.3

#4 Updated by Chris Buechler over 3 years ago

Target version changed from 2.2.3 to 2.3

#5 Updated by Jim Thompson about 3 years ago

Assignee set to Matthew Smith

#6 Updated by Jim Thompson over 2 years ago

Assignee changed from Matthew Smith to Marc Dye

#7 Updated by Jim Thompson over 2 years ago

Status changed from New to Assigned

#8 Updated by Matthew Smith over 2 years ago

Target version changed from 2.3 to Future

The backend code that exists in /etc/inc/ipsec.auth-user.php is not actually something that can be used. It looks like that code is very closely modeled after code in the openvpn.auth-user.php script. OpenVPN passes the common name in as an environment variable when it calls an auth script. Strongswan doesn't do this so the code won't work.

#9 Updated by Renato Botelho over 1 year ago

Assignee deleted (~~Marc Dye~~)

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries