Development

2026-06-06 01:28:03 -04:00 · 2026-06-06 01:28:03 -04:00 · a94863e25a
commit a94863e25a
parent 34abbae32e
4 changed files with 77 additions and 4 deletions
--- a/docker/routlin-dash/app/pages/radius/action.py
+++ b/docker/routlin-dash/app/pages/radius/action.py
@ -69,7 +69,13 @@ def auth_mode_save():
    eap_protocol = request.form.get('eap_protocol', 'eap_peap')
    if eap_protocol not in ('eap_peap', 'eap_ttls', 'eap_md5'):
        eap_protocol = 'eap_peap'
-    tunneled_reply = 'tunneled_reply' in request.form
+    tunneled_reply  = 'tunneled_reply' in request.form
+    inner_protocol  = request.form.get('inner_protocol', '')
+
+    _valid_inner = {
+        'eap_peap': {'mschapv2', 'md5', 'gtc'},
+        'eap_ttls': {'md5', 'mschapv2', 'gtc'},
+    }

    cfg    = load_config()
    before = copy.deepcopy(cfg.get('radius', {}).get('options', {}))
@ -77,9 +83,14 @@ def auth_mode_save():
    if auth_mode == 'eap_password':
        after['eap_protocol']   = eap_protocol
        after['tunneled_reply'] = tunneled_reply and eap_protocol in ('eap_peap', 'eap_ttls')
+        if eap_protocol in _valid_inner and inner_protocol in _valid_inner[eap_protocol]:
+            after['inner_protocol'] = inner_protocol
+        else:
+            after.pop('inner_protocol', None)
    else:
-        after.pop('eap_protocol',   None)
-        after.pop('tunneled_reply', None)
+        after.pop('eap_protocol',    None)
+        after.pop('tunneled_reply',  None)
+        after.pop('inner_protocol',  None)
    cfg.setdefault('radius', {})['options'] = after

    changes = diff_fields(before, after)
--- a/docker/routlin-dash/app/pages/radius/content.json
+++ b/docker/routlin-dash/app/pages/radius/content.json
@ -238,6 +238,23 @@
              "options": "%RADIUS_EAP_PROTOCOL_OPTIONS%",
              "hint": "_"
            },
+            {
+              "type": "raw_html",
+              "html": "<div id=\"eap-inner-row\">"
+            },
+            {
+              "type": "field",
+              "label": "Inner Protocol",
+              "name": "inner_protocol",
+              "input_type": "select",
+              "value": "%RADIUS_INNER_PROTOCOL%",
+              "options": "%RADIUS_INNER_PROTOCOL_OPTIONS%",
+              "hint": "_"
+            },
+            {
+              "type": "raw_html",
+              "html": "</div>"
+            },
            {
              "type": "raw_html",
              "html": "<div id=\"eap-tunneled-row\">"
--- a/docker/routlin-dash/app/pages/radius/view.py
+++ b/docker/routlin-dash/app/pages/radius/view.py
@ -75,6 +75,21 @@ def collect_tokens(cfg):
        {'value': 'eap_ttls', 'label': 'EAP-TTLS'},
        {'value': 'eap_md5',  'label': 'EAP-MD5'},
    ])
+    _eap_proto = fr_opts.get('eap_protocol', 'eap_peap')
+    _inner_opts_peap = [
+        {'value': 'mschapv2', 'label': 'MSCHAPv2 (Default)'},
+        {'value': 'md5',      'label': 'MD5'},
+        {'value': 'gtc',      'label': 'GTC'},
+    ]
+    _inner_opts_ttls = [
+        {'value': 'md5',      'label': 'MD5 (Default)'},
+        {'value': 'mschapv2', 'label': 'MSCHAPv2'},
+        {'value': 'gtc',      'label': 'GTC'},
+    ]
+    tokens['RADIUS_INNER_PROTOCOL'] = fr_opts.get('inner_protocol', '')
+    tokens['RADIUS_INNER_PROTOCOL_OPTIONS'] = json.dumps(
+        _inner_opts_ttls if _eap_proto == 'eap_ttls' else _inner_opts_peap
+    )
    pro_suffix   = '' if PRO_LICENSE else ' (PRO REQUIRED)'
    pro_disabled = not PRO_LICENSE
    tokens['RADIUS_AUTH_MODE_OPTIONS'] = json.dumps([