Closed cdcrawford closed 2 years ago
In FortiGate.pm, in sub: identifyConnectionType
```perl
sub identifyConnectionType {
    my ( $self, $connection, $radius_request ) = @_;
    my $logger = $self->logger;
    my @require = qw(Connect-Info);
    my @found = grep {exists $radius_request->{$_}} @require;
    if ( (@require == @found) && $radius_request->{'Connect-Info'} =~ /^(vpn-ssl|vpn-ikev2)$/i ) {
        $connection->isVPN($TRUE);
        $connection->isCLI($FALSE);
    } elsif ( (@require == @found) && $radius_request->{'Connect-Info'} =~ /^(admin-login)$/i ) {
        $connection->isVPN($FALSE);
        $connection->isCLI($TRUE);
    }
    # Default to CLI                  # <-- bolded in the report
    $connection->isVPN($FALSE);       # <-- bolded in the report
    $connection->isCLI($TRUE);        # <-- bolded in the report
}
```
The above IF statement is missing an ELSE, so it always defaults to a CLI login; the issue is bolded.
We adjusted the code to include an ELSE at the end.
```perl
sub identifyConnectionType {
    my ( $self, $connection, $radius_request ) = @_;
    my $logger = $self->logger;
    my @require = qw(Connect-Info);
    my @found = grep {exists $radius_request->{$_}} @require;
    if ( (@require == @found) && $radius_request->{'Connect-Info'} =~ /^(vpn-ssl|vpn-ikev2)$/i ) {
        $connection->isVPN($TRUE);
        $connection->isCLI($FALSE);
    } elsif ( (@require == @found) && $radius_request->{'Connect-Info'} =~ /^(admin-login)$/i ) {
        $connection->isVPN($FALSE);
        $connection->isCLI($TRUE);
    }
    else {                            # <-- bolded in the report
        # Default to CLI
        $connection->isVPN($FALSE);
        $connection->isCLI($TRUE);
    }                                 # <-- bolded in the report
}
```
The added ELSE in the IF statement allows for the VPN connection TRUE to be continued to the end of the subroutine.
Applied already 6243eb6
**Describe the bug**
When we send a VPN Login RADIUS request from our FortiGate to PacketFence Cluster, it is not returned, as PacketFence treats it as a CLI login attempt, which is not defined on our FortiGate switch in PacketFence.

**To Reproduce**
Steps to reproduce the behavior:

**Expected behavior**
PacketFence to reply with Radius Accept, with Role attached.
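A regression check for the branch logic described in this issue, added here as an example; it is not PacketFence code. `Local::Conn`, `classify` and the sample requests are constructed stand-ins, and `1`/`0` replace `$TRUE`/`$FALSE`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical stand-in for the connection object: only the two accessors
# used by identifyConnectionType are modelled.
package Local::Conn {
    sub new   { return bless { vpn => 0, cli => 0 }, shift }
    sub isVPN { my $s = shift; $s->{vpn} = shift if @_; return $s->{vpn} }
    sub isCLI { my $s = shift; $s->{cli} = shift if @_; return $s->{cli} }
}

# $with_else = 0 reproduces the reported fall-through, 1 the corrected form.
# A missing Connect-Info is treated as an empty string, which matches nothing.
sub classify {
    my ( $radius_request, $with_else ) = @_;
    my $c       = Local::Conn->new;
    my $info    = $radius_request->{'Connect-Info'} // '';
    my $matched = 1;
    if    ( $info =~ /^(vpn-ssl|vpn-ikev2)$/i ) { $c->isVPN(1); $c->isCLI(0) }
    elsif ( $info =~ /^(admin-login)$/i )       { $c->isVPN(0); $c->isCLI(1) }
    else                                        { $matched = 0 }
    # Without the else, the default also runs after a match and overwrites it.
    if ( !$with_else || !$matched ) { $c->isVPN(0); $c->isCLI(1) }
    return $c->isVPN ? 'VPN' : 'CLI';
}

# Constructed sample requests (not captured traffic): [ request, expected ].
my @cases = (
    [ { 'Connect-Info' => 'vpn-ssl' },     'VPN' ],
    [ { 'Connect-Info' => 'VPN-IKEv2' },   'VPN' ],
    [ { 'Connect-Info' => 'admin-login' }, 'CLI' ],
    [ { 'User-Name'    => 'alice' },       'CLI' ],    # attribute absent
    [ { 'Connect-Info' => 'vpn-ssl-x' },   'CLI' ],    # anchored regex rejects
);

my $failures = 0;
for my $case (@cases) {
    my ( $req, $want ) = @$case;
    my $before = classify( $req, 0 );
    my $after  = classify( $req, 1 );
    printf "%-12s before=%s after=%s expected=%s\n",
        $req->{'Connect-Info'} // '(none)', $before, $after, $want;
    $failures++ if $after ne $want;
}
exit( $failures ? 1 : 0 );
```

The `before` column shows every request classified as CLI, including the two VPN values, while the `after` column matches the expected type in each row.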