Project

General

Profile

Actions

Feature #4234

open

allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth

Added by Pi Ba almost 7 years ago. Updated almost 5 years ago.

Status:
Assigned
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
Start date:
01/18/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

Allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth
It seems the gui setting is missing, but the background code is already in place to allow this.

Actions #1

Updated by Renato Botelho almost 7 years ago

  • Target version changed from 2.2 to 2.2.1

Push it to 2.2.1

Actions #2

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.1 to 2.2.2
Actions #3

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.2 to 2.2.3
Actions #4

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.3 to 2.3
Actions #5

Updated by Jim Thompson about 6 years ago

  • Assignee set to Matthew Smith
Actions #6

Updated by Jim Thompson almost 6 years ago

  • Assignee changed from Matthew Smith to Marc Dye
Actions #7

Updated by Jim Thompson over 5 years ago

  • Status changed from New to Assigned
Actions #8

Updated by Matthew Smith over 5 years ago

  • Target version changed from 2.3 to Future

The backend code that exists in /etc/inc/ipsec.auth-user.php is not actually something that can be used. It looks like that code is very closely modeled after code in the openvpn.auth-user.php script. OpenVPN passes the common name in as an environment variable when it calls an auth script. Strongswan doesn't do this so the code won't work.

Actions #9

Updated by Renato Botelho almost 5 years ago

  • Assignee deleted (Marc Dye)
Actions

Also available in: Atom PDF