Todo #5219: EAP-RADIUS selection for IKEv2 Mobile IPsec should warn if the selected authentication backend is not a RADIUS server. - pfSense - pfSense bugtracker

Todo #5219

EAP-RADIUS selection for IKEv2 Mobile IPsec should warn if the selected authentication backend is not a RADIUS server.

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Matthew Smith

Category:

IPsec

Target version:

2.3

Start date:

09/30/2015

Due date:

% Done:

100%

Estimated time:

Description

When selecting EAP-RADIUS for a IKEv2 mobile IPsec Phase 1 authentication, the chosen backend server on the Mobile Clients tab must be a RADIUS server. Currently if another type is selected it results in a broken configuration without a warning.

Associated revisions

Revision 0e8674d0 (diff)
Added by Matthew Smith over 3 years ago

Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the phase
1 authentication method for mobile IPsec. Fixes #5219.

Revision fce93905 (diff)
Added by Matthew Smith over 3 years ago

Validate that the Mobile Client settings have a valid RADIUS server selected
as the source for user authentication when EAP-RADIUS is selected as the
phase 1 authentication method for mobile IPsec. Fixes #5219.

Revision 6684d594 (diff)
Added by Matthew Smith over 3 years ago

Don't allow IPsec mobile clients user auth source to not be a RADIUS server if
the phase1 auth method is EAP-RADIUS. Properly handle selection of multiple
RADIUS servers when using EAP-RADIUS. Fixes #5219.

History

#1 Updated by Chris Buechler over 3 years ago

Project changed from Bootstrap to pfSense
Category set to IPsec

moving since it's not bootstrap-specific

#2 Updated by Jim Thompson over 3 years ago

Assignee set to Matthew Smith

#3 Updated by Matthew Smith over 3 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset 0e8674d0db51dd7f7ae8a5e5640b7cea7ccd2c64.

#4 Updated by Matthew Smith over 3 years ago

Applied in changeset fce93905bf73265546803ca961fc60135a8b95a9.

#5 Updated by Jim Pingle over 3 years ago

Status changed from Feedback to New
% Done changed from 100 to 50

The warning is given when the user saves on the Mobile IPsec Phase 1, but it is still possible to break by selecting a Non-RADIUS auth server on the Mobile Clients tab.

#6 Updated by Matthew Smith over 3 years ago

Status changed from New to Feedback
% Done changed from 50 to 100

Applied in changeset 6684d5944eacf4dbd717edba9d82c30001b5bc3b.

#7 Updated by Jim Pingle over 3 years ago

Status changed from Feedback to Resolved

Seems to be solid now, I can't coerce it into a broken configuration either way.

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries