authorErmal Luçi <eri@pfsense.org>2010-03-03 01:01:21 +0000
committerErmal Luçi <eri@pfsense.org>2010-03-03 01:01:21 +0000
commit2053c099e6e01cf9e5aff33204e153d0addd6f0b (patch)
tree14e608c7a59592a767807c5f2b6d33986a43876f /config/openvpn-client-export/openvpn-client-export.inc
parent149e155a77852b5c6ab503fe509e8fb1a221ce76 (diff)
Add tls-client to export.
Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc30
1 files changed, 14 insertions, 16 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 576a2a6e..f113fb06 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -143,8 +143,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= "persist-key\n";
$conf .= "proto {$proto}\n";
$conf .= "cipher {$cipher}\n";
- if ($nokeys == false)
- $conf .= "tls-client\n";
+ $conf .= "tls-client\n";
$conf .= "client\n";
$conf .= "resolv-retry infinite\n";
$conf .= "remote {$server_host} {$server_port}\n";
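Review bot: The now-unconditional `tls-client` line duplicates the `client` directive emitted right after it, because OpenVPN's `client` helper already expands to `pull` plus `tls-client`. Either drop the explicit line or say why it is kept, e.g. `// explicit for clients that do not expand the "client" helper`. The body of openvpn_client_export_config() continues outside the hunk, so whether `$nokeys` is still read elsewhere cannot be seen here.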
@@ -183,10 +182,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
} else if ($settings['mode'] == "server_user")
$conf .= "ca {$prefix}-ca.crt\n";
- if($nokeys == false) {
- if ($settings['tls'])
- $conf .= "tls-auth {$prefix}-tls.key 1\n";
- }
+ if ($settings['tls'])
+ $conf .= "tls-auth {$prefix}-tls.key 1\n";
// add optional settings
if ($settings['compression'])
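Review bot: With the `$nokeys` guard removed, a config generated with `$nokeys` set now names `{$prefix}-tls.key` whenever `$settings['tls']` is set, and nothing in this hunk shows that the key file accompanies such an export. If the no-keys path hands out only the config text, the client would presumably fail to start on the missing file. A comment above the check would record the assumption, e.g. `// tls-auth key is shared by all clients and is shipped even when $nokeys is set`. The function starts and ends outside the hunk.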
@@ -272,16 +269,17 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
$cafile = "{$tempdir}/config/{$prefix}-ca.crt";
file_put_contents($cafile, base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/config/{$prefix}-tls.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
// write key files
if ($settings['mode'] != "server_user") {
$crtfile = "{$tempdir}/config/{$prefix}-{$user['name']}.crt";
file_put_contents($crtfile, base64_decode($cert['crt']));
$keyfile = "{$tempdir}/config/{$prefix}-{$user['name']}.key";
file_put_contents($keyfile, base64_decode($cert['prv']));
- if ($settings['tls']) {
- $tlsfile = "{$tempdir}/config/{$prefix}-tls.key";
- file_put_contents($tlsfile, base64_decode($settings['tls']));
- }
// convert to pkcs12 format
$p12file = "{$tempdir}/config/{$prefix}.p12";
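Review bot: The tls-auth key written in the added `if ($settings['tls'])` block is a secret shared by every client of the server, yet the file gets whatever mode the process umask allows, and neither `base64_decode()` nor `file_put_contents()` is checked. A malformed `$settings['tls']` would leave an empty or missing `{$prefix}-tls.key` that the generated config still references. Consider `$tlskey = base64_decode($settings['tls'], true);`, stopping when it or the write returns `false`, and `chmod($tlsfile, 0600);` after the write. The same applies to the `ta.key` write that the last hunk (Viscosity export) moves out of the mode check. How `$tempdir` is created and protected is outside the hunk.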
@@ -386,10 +384,10 @@ EOF;
$configfile = "{$tempdir}/config.conf";
$conf .= "ca ca.crt\n";
+ $conf .= "tls-auth ta.key 1\n";
if ($settings['mode'] != "server_user") {
$conf .= <<<EOF
cert cert.crt
-tls-auth ta.key 1
key key.key
EOF;
}
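Review bot: The added `$conf .= "tls-auth ta.key 1\n";` is emitted unconditionally, while `ta.key` is only written when `$settings['tls']` is set (following hunk) and the inline-config function guards the same directive with `if ($settings['tls'])`. For a server without a TLS authentication key, the Viscosity bundle will reference a file that is not in the archive. Guard it the same way: `if ($settings['tls']) $conf .= "tls-auth ta.key 1\n";`. The enclosing function starts and ends outside the hunk.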
@@ -411,12 +409,12 @@ EOF;
// write user .key
$keyfile = "{$tempdir}/key.key";
file_put_contents($keyfile, base64_decode($cert['prv']));
+ }
- // TLS support?
- if ($settings['tls']) {
- $tlsfile = "{$tempdir}/ta.key";
- file_put_contents($tlsfile, base64_decode($settings['tls']));
- }
+ // TLS support?
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/ta.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
}
// Zip Viscosity file