From 63aac62930cb4ab32c2f0dc5408141408db5a659 Mon Sep 17 00:00:00 2001 From: Nachtfalke Date: Thu, 12 Jan 2012 23:31:14 +0100 Subject: Update config/freeradius2/freeradius.inc --- config/freeradius2/freeradius.inc | 47 +++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 22 deletions(-) (limited to 'config/freeradius2') diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 3506641f..1d59ef37 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -590,9 +590,6 @@ function freeradius_eapconf_resync() { $eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0]; - // Choose pfsense Cert-Manager or freeradius Cert-Manager - $vareapconfchoosecertmanager = ($eapconf['vareapconfchoosecertmanager']?$eapconf['vareapconfchoosecertmanager']:'radiuscertmgr'); - // Variables: EAP $vareapconfdefaulteaptype = ($eapconf['vareapconfdefaulteaptype']?$eapconf['vareapconfdefaulteaptype']:'md5'); $vareapconftimerexpire = ($eapconf['vareapconftimerexpire']?$eapconf['vareapconftimerexpire']:'60'); 
@@ -600,8 +597,17 @@ function freeradius_eapconf_resync() {
 $vareapconfciscoaccountingusernamebug = ($eapconf['vareapconfciscoaccountingusernamebug']?$eapconf['vareapconfciscoaccountingusernamebug']:'no');
 $vareapconfmaxsessions = ($eapconf['vareapconfmaxsessions']?$eapconf['vareapconfmaxsessions']:'4096');
- // Variables: EAP-TLS and EAP-TLS with OCSP support
+ // Variables: EAP-TLS
 $vareapconfprivatekeypassword = ($eapconf['vareapconfprivatekeypassword']?$eapconf['vareapconfprivatekeypassword']:'whatever');
+ $vareapconffragmentsize = ($eapconf['vareapconffragmentsize']?$eapconf['vareapconffragmentsize']:'1024');
+ $vareapconfincludelength = ($eapconf['vareapconfincludelength']?$eapconf['vareapconfincludelength']:'yes');
+
+ // Variables: Cache
+ $vareapconfcacheenablecache = ($eapconf['vareapconfcacheenablecache']?$eapconf['vareapconfcacheenablecache']:'no');
+ $vareapconfcachelifetime = ($eapconf['vareapconfcachelifetime']?$eapconf['vareapconfcachelifetime']:'24');
+ $vareapconfcachemaxentries = ($eapconf['vareapconfcachemaxentries']?$eapconf['vareapconfcachemaxentries']:'255');
+
+ // Variables OSCP
 $vareapconfocspenable = ($eapconf['vareapconfocspenable']?$eapconf['vareapconfocspenable']:'no');
 $vareapconfocspoverridecerturl = ($eapconf['vareapconfocspoverridecerturl']?$eapconf['vareapconfocspoverridecerturl']:'no');
 $vareapconfocspurl = ($eapconf['vareapconfocspurl']?$eapconf['vareapconfocspurl']:'http://127.0.0.1/ocsp/');
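Review bot: The truthiness-based defaults added for `vareapconffragmentsize`, `vareapconfcachelifetime` and `vareapconfcachemaxentries` treat the string `'0'` as unset, so a saved value of `0` is silently replaced by `'1024'`, `'24'` or `'255'`. Test for presence instead of truthiness, e.g. `$vareapconfcachemaxentries = (isset($eapconf['vareapconfcachemaxentries']) && $eapconf['vareapconfcachemaxentries'] !== '') ? $eapconf['vareapconfcachemaxentries'] : '255';`. These values are presumably written verbatim into the generated EAP configuration further down in freeradius_eapconf_resync(), outside this hunk, so the numeric fields should also be checked to be digits-only before they are used. The new comment `// Variables OSCP` should read `// Variables: OCSP`.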
@@ -610,6 +616,7 @@ function freeradius_eapconf_resync() { $vareapconfttlsdefaulteaptype = ($eapconf['vareapconfttlsdefaulteaptype']?$eapconf['vareapconfttlsdefaulteaptype']:'md5'); $vareapconfttlscopyrequesttotunnel = ($eapconf['vareapconfttlscopyrequesttotunnel']?$eapconf['vareapconfttlscopyrequesttotunnel']:'no'); $vareapconfttlsusetunneledreply = ($eapconf['vareapconfttlsusetunneledreply']?$eapconf['vareapconfttlsusetunneledreply']:'no'); + $vareapconfttlsincludelength = ($eapconf['vareapconfttlsincludelength']?$eapconf['vareapconfttlsincludelength']:'yes'); // Variables: EAP-PEAP with MSCHAPv2 $vareapconfpeapdefaulteaptype = ($eapconf['vareapconfpeapdefaulteaptype']?$eapconf['vareapconfpeapdefaulteaptype']:'mschapv2'); @@ -633,7 +640,7 @@ function freeradius_eapconf_resync() { // The filenames of pfsense cert manager are different from freeradius cert manager so it is possible to store both in the same folder at any time. // This is for the pfsense cert manager // Depends on "freeradius_get_server_certs" and "freeradius_get_ca_certs" -if ($vareapconfchoosecertmanager == 'pfsensecertmgr') { +if ($eapconf['vareapconfchoosecertmanager'] == 'on') { $ca_cert = lookup_ca($eapconf["ssl_ca_cert"]); if ($ca_cert != false) { @@ -682,12 +689,10 @@ if ($vareapconfchoosecertmanager == 'pfsensecertmgr') { } // This is for freeradius cert manager -if ($vareapconfchoosecertmanager == 'radiuscertmgr') { - +else { $vareapconfprivatekeyfile = 'server.pem'; $vareapconfcertificatefile = 'server.pem'; $vareapconfcafile = 'ca.pem'; - } $conf .= <<
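Review bot: The new test `$eapconf['vareapconfchoosecertmanager'] == 'on'` in the `@@ -633,7 +640,7 @@` hunk no longer matches a configuration saved by the previous version, which stored `'pfsensecertmgr'` (visible in the removed line). Combined with the `else {` introduced in the following hunk, such an installation would fall through to `server.pem`/`ca.pem` after the update, so the certificate and CA presented for EAP presumably change without any notice to the administrator. Consider accepting the legacy value as well, e.g. `if (in_array($eapconf['vareapconfchoosecertmanager'], array('on', 'pfsensecertmgr'), true)) {`, or rewriting the stored value in an upgrade step. The body of this `if` continues outside the hunk.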