Revision e8a58de4
Added by Ermal Luçi over 15 years ago
| etc/inc/openvpn.inc | ||
|---|---|---|
| 379 | 379 |
$conf .= "client-cert-not-required\n"; |
| 380 | 380 |
case 'server_tls_user': |
| 381 | 381 |
$conf .= "username-as-common-name\n"; |
| 382 |
$conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n"; |
|
| 382 |
if ($settings['authmode'] == "local") |
|
| 383 |
$conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n"; |
|
| 384 |
else {
|
|
| 385 |
$authcfg = system_get_authserver($settings['authmode']); |
|
| 386 |
if ($authcfg) {
|
|
| 387 |
switch ($authcfg['type']) {
|
|
| 388 |
case 'ldap': |
|
| 389 |
$sed = "\$ldaphost={$authcfg['host']};";
|
|
| 390 |
$sed .= "\$ldapport={$authcfg['ldap_port']};";
|
|
| 391 |
$sed .= "\$ldapuserattr={$authcfg['ldap_attr_user']};";
|
|
| 392 |
$sed .= "\$ldapbasedn={$authcfg['ldap_basedn']};";
|
|
| 393 |
break; |
|
| 394 |
case 'radius': |
|
| 395 |
$sed = "\$radsrv={$authcfg['host']};";
|
|
| 396 |
$sed .= "\$radport={$authcfg['radius_auth_port']};";
|
|
| 397 |
$sed .= "\$radsecret={$authcfg['radius_secret']};";
|
|
| 398 |
break; |
|
| 399 |
} |
|
| 400 |
mwexec("/bin/cat /etc/inc/openvpn.auth-{$authcfg['type']}.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
|
|
| 401 |
mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
|
|
| 402 |
$conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
|
|
| 403 |
} |
|
| 404 |
} |
|
| 383 | 405 |
break; |
| 384 | 406 |
} |
| 385 | 407 |
|
Also available in: Unified diff
Add support for authenticating users against server specified in the system->user manager->servers for openvpn. While there propperly fill the shared secret field for raidus in the servers page.