authorjim-p <jimp@pfsense.org>2013-11-14 12:55:37 -0500
committerjim-p <jimp@pfsense.org>2013-11-14 12:58:27 -0500
commitcbc1ba10d307df94cd619f11d1ce455a0d8e43e9 (patch)
tree2179e384ddc3d2f8344ac7f00ebdb8ce69542e7a
parentecd23b84d355e7f05d2d14b1b7747b08ca02da03 (diff)
Missed this file in the previous commit.
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php34
1 files changed, 20 insertions, 14 deletions
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index f0bcbee2..44744832 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -138,7 +138,7 @@ if (!empty($act)) {
$advancedoptions = $_GET['advancedoptions'];
$openvpnmanager = $_GET['openvpnmanager'];
- $quoteservercn = $_GET['quoteservercn'];
+ $verifyservercn = $_GET['verifyservercn'];
$usetoken = $_GET['usetoken'];
if ($usetoken && (substr($act, 0, 10) == "confinline"))
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
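Review bot: `$verifyservercn` is read straight from `$_GET` and is now a multi-valued mode string rather than a checkbox flag, yet nothing in this hunk checks it against the four values the form offers (`auto`, `tls-remote`, `tls-remote-quote`, `none`). The value is passed unchanged to the three export calls in the next hunk, and how those helpers treat an empty or unrecognised value is not visible here. If they fall through to emitting no CN check, a stale link that still carries `quoteservercn`, or a hand-edited URL, would produce a client config that silently skips server verification. Consider an allowlist next to the existing `$usetoken` check, e.g. `if (!in_array($verifyservercn, array("auto", "tls-remote", "tls-remote-quote", "none"), true)) $input_errors[] = "Invalid Verify Server CN option.";`. The enclosing `if (!empty($act))` block starts and ends outside the hunk.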
@@ -213,17 +213,17 @@ if (!empty($act)) {
$exp_name = urlencode($exp_name."-config.ovpn");
$expformat = "baseconf";
}
- $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
+ $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
}
if($act == "visc") {
$exp_name = urlencode($exp_name."-Viscosity.visc.zip");
- $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
+ $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
}
if(substr($act, 0, 4) == "inst") {
$exp_name = urlencode($exp_name."-install.exe");
- $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
+ $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
}
if (!$exp_path) {
@@ -304,9 +304,9 @@ function download_begin(act, i, j) {
advancedoptions = document.getElementById("advancedoptions").value;
- var quoteservercn = 0;
- if (document.getElementById("quoteservercn").checked)
- quoteservercn = 1;
+ var verifyservercn;
+ verifyservercn = document.getElementById("verifyservercn").value;
+
var usetoken = 0;
if (document.getElementById("usetoken").checked)
usetoken = 1;
@@ -380,7 +380,7 @@ function download_begin(act, i, j) {
dlurl += "&crtid=" + escape(certs[j][0]);
}
dlurl += "&useaddr=" + escape(useaddr);
- dlurl += "&quoteservercn=" + escape(quoteservercn);
+ dlurl += "&verifyservercn=" + escape(verifyservercn);
dlurl += "&openvpnmanager=" + escape(openvpnmanager);
dlurl += "&usetoken=" + escape(usetoken);
if (usepass)
@@ -619,16 +619,22 @@ function useproxy_changed(obj) {
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">Quote Server CN</td>
+ <td width="22%" valign="top" class="vncell">Verify Server CN</td>
<td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="quote server cn">
+ <table border="0" cellpadding="2" cellspacing="0" summary="verify server cn">
<tr>
<td>
- <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes" />
- </td>
- <td>
+ <select name="verifyservercn" id="verifyservercn" class="formselect">
+ <option value="auto">Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible</option>
+ <option value="tls-remote">Use tls-remote (Deprecated, use only on old clients &lt;= OpenVPN 2.2.x)</option>
+ <option value="tls-remote-quote">Use tls-remote and quote the server CN</option>
+ <option value="none">Do not verify the server CN</option>
+ </select>
+ <br/>
<span class="vexpl">
- Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.
+ Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting.
+ <br/><br/>Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version.
+ <br/><br/>With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.
</span>
</td>
</tr>
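Review bot: The new `none` option turns off server CN verification, but the help text in the `vexpl` span never says what an administrator gives up by choosing it. Without a name check, and unless the exported config carries some other server-certificate check (not visible in this file section), a client would accept any certificate issued by the same CA as the server. I would add a sentence after the tls-remote paragraphs, such as `<br/><br/>Selecting "Do not verify the server CN" lets the client accept any certificate signed by the same CA. Use it only for troubleshooting.`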