diff options
author | jim-p <jimp@pfsense.org> | 2013-11-25 16:53:54 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-11-25 16:53:54 -0500 |
commit | 63aa82df03b81c31a4a0a2f74950cbcaf54b67f2 (patch) | |
tree | 3a7cf8bdda50a3a3604f018177dfcef70a0e4f33 | |
parent | f581b75f072a51330de2619669fc799a8ac5de73 (diff) | |
download | pfsense-packages-63aa82df03b81c31a4a0a2f74950cbcaf54b67f2.tar.gz pfsense-packages-63aa82df03b81c31a4a0a2f74950cbcaf54b67f2.tar.bz2 pfsense-packages-63aa82df03b81c31a4a0a2f74950cbcaf54b67f2.zip |
Instruct the client to use a random local port for OpenVPN in the exported configuration.
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 16 | ||||
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.xml | 2 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 38 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
5 files changed, 48 insertions, 12 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index e6351686..4d6ded8f 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -170,7 +170,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { global $config, $input_errors, $g; $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); @@ -209,6 +209,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (($expformat != "inlinedroid") && ($expformat != "inlineios")) $conf .= "resolv-retry infinite{$nl}"; $conf .= "$remotes{$nl}"; + + /* Use a random local port, otherwise two clients will conflict if they run at the same time. + May not be supported on older clients (Released before May 2010) */ + if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) + $conf .= "lport 0{$nl}"; + /* This line can cause problems with auth-only setups and also with Yealink/Snom phones since they are stuck on an older OpenVPN version that does not support this feature. */ if (!empty($servercn) && !$nokeys) { @@ -471,7 +477,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys } } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { global $config, $g, $input_errors; $uname_p = trim(exec("uname -p")); @@ -523,7 +529,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri $pwdfle .= "{$proxy['password']}\r\n"; file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); if (!$conf) { $input_errors[] = "Could not create a config to export."; return false; @@ -588,7 +594,7 @@ RunProgram="openvpn-postinstall.exe" return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) { global $config, $g; $uname_p = trim(exec("uname -p")); @@ -623,7 +629,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); if (!$conf) return false; diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 4c0518b2..0af838e9 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.2</version> + <version>1.2.4</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 44744832..8d002397 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -139,6 +139,7 @@ if (!empty($act)) { $openvpnmanager = $_GET['openvpnmanager']; $verifyservercn = $_GET['verifyservercn']; + $randomlocalport = $_GET['randomlocalport']; $usetoken = $_GET['usetoken']; if ($usetoken && (substr($act, 0, 10) == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; @@ -213,17 +214,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } if(substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } if (!$exp_path) { @@ -307,6 +308,9 @@ function download_begin(act, i, j) { var verifyservercn; verifyservercn = document.getElementById("verifyservercn").value; + var randomlocalport = 0; + if (document.getElementById("randomlocalport").checked) + randomlocalport = 1; var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -381,6 +385,7 @@ function download_begin(act, i, j) { } dlurl += "&useaddr=" + escape(useaddr); dlurl += "&verifyservercn=" + escape(verifyservercn); + dlurl += "&randomlocalport=" + escape(randomlocalport); dlurl += "&openvpnmanager=" + escape(openvpnmanager); dlurl += "&usetoken=" + escape(usetoken); if (usepass) @@ -642,6 +647,27 @@ function useproxy_changed(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Use Random Local Port</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="random local port"> + <tr> + <td> + <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" /> + </td> + <td> + <span class="vexpl"> + Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently. + </span> + </td> + </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations.</span> + </td> + </tr> + </table> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0" summary="export options"> @@ -806,10 +832,14 @@ function useproxy_changed(obj) { This will change the generated .ovpn configuration to allow for usage of the management interface. And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users. This is also useful for Windows Vista/7/8 systems where elevated permissions are needed to add routes to the system. - <br/><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system. </span> </td> </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.</span> + </td> + </tr> </table> </td> </tr> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index d581bfbd..a0ff9147 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1466,7 +1466,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.2</version> + <version>1.2.4</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 29ace26f..f0e6402f 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1453,7 +1453,7 @@ <depends_on_package_pbi>p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.2</version> + <version>1.2.4</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> |