Todo #5219
EAP-RADIUS selection for IKEv2 Mobile IPsec should warn if the selected authentication backend is not a RADIUS server.
100%
Description
When selecting EAP-RADIUS for a IKEv2 mobile IPsec Phase 1 authentication, the chosen backend server on the Mobile Clients tab must be a RADIUS server. Currently if another type is selected it results in a broken configuration without a warning.
Associated revisions
Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the
phase 1 authentication method for mobile IPsec. Fixes #5219.
Don't allow IPsec mobile clients user auth source to not be a RADIUS server if
the phase1 auth method is EAP-RADIUS. Properly handle selection of multiple
RADIUS servers when using EAP-RADIUS. Fixes #5219.
History
#1
Updated by Chris Buechler over 5 years ago
- Project changed from Bootstrap to pfSense
- Category set to IPsec
moving since it's not bootstrap-specific
#2
Updated by Jim Thompson over 5 years ago
- Assignee set to Matthew Smith
#3
Updated by Matthew Smith over 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64.
#4
Updated by Matthew Smith over 5 years ago
Applied in changeset fce93905bf73265546803ca961fc60135a8b95a9.
#5
Updated by Jim Pingle over 5 years ago
- Status changed from Feedback to New
- % Done changed from 100 to 50
The warning is given when the user saves on the Mobile IPsec Phase 1, but it is still possible to break by selecting a Non-RADIUS auth server on the Mobile Clients tab.
#6
Updated by Matthew Smith over 5 years ago
- Status changed from New to Feedback
- % Done changed from 50 to 100
Applied in changeset 6684d5944eacf4dbd717edba9d82c30001b5bc3b.
#7
Updated by Jim Pingle over 5 years ago
- Status changed from Feedback to Resolved
Seems to be solid now, I can't coerce it into a broken configuration either way.
Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the phase
1 authentication method for mobile IPsec. Fixes #5219.