diff options
| author | jim-p <jimp@pfsense.org> | 2013-11-11 08:45:53 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2013-11-11 08:45:53 -0500 |
| commit | 03d4c6e46aceee78b62ad8bec0590a6a4f6df89c (patch) | |
| tree | 88d1d0ff1f3edfd0ded8c86538ca621407c10ae6 /config/openvpn-client-export/openvpn-client-export.inc | |
| parent | e476ea3d2721b69968752b9a4073c71cdfefbeb1 (diff) | |
| download | pfsense-packages-03d4c6e46aceee78b62ad8bec0590a6a4f6df89c.tar.gz pfsense-packages-03d4c6e46aceee78b62ad8bec0590a6a4f6df89c.tar.bz2 pfsense-packages-03d4c6e46aceee78b62ad8bec0590a6a4f6df89c.zip | |
Disable "verify-x509-name" in some cases. It can cause problems with auth-only setups, and also with Yealink/Snom phones since they are stuck on an older OpenVPN version that does not support this feature.
Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
| -rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index c7afb9e6..cf7eb7a4 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -209,7 +209,9 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese if (($expformat != "inlinedroid") && ($expformat != "inlineios")) $conf .= "resolv-retry infinite{$nl}"; $conf .= "$remotes{$nl}"; - if (!empty($servercn)) { + /* This line can cause problems with auth-only setups and also with Yealink/Snom phones + since they are stuck on an older OpenVPN version that does not support this feature. */ + if (!empty($servercn) && !$nokeys && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) { $qw = ($quoteservercn) ? "\"" : ""; $conf .= "verify-x509-name {$qw}{$servercn}{$qw} name{$nl}"; } |