author | jim-p <jimp@pfsense.org> | 2012-09-18 13:53:03 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-09-18 14:46:49 -0400 |
commit | b7cb81919d718fc0183cdc0297a2800c6b5902b9 (patch) | |
tree | 34347c4009fdf714b8395d75ef703a894a09d116 /config/openvpn-client-export | |
parent | 0781f617a535e9a51bf33f98282457451af114a2 (diff) | |
Make quoting the server CN optional since it seems to break more clients than it fixes; Add a third Yealink variant.
Diffstat (limited to 'config/openvpn-client-export')
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 23 | ||||
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.xml | 2 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 41 |
3 files changed, 52 insertions, 14 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 9f06ed0c..1c556d10 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -151,7 +151,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") { +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") { global $config, $input_errors, $g; $nl = ($doslines) ? "\r\n" : "\n"; @@ -198,8 +198,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "client{$nl}"; $conf .= "resolv-retry infinite{$nl}"; $conf .= "remote {$server_host} {$server_port}{$nl}"; - if (!empty($servercn)) - $conf .= "tls-remote \"{$servercn}\"{$nl}"; + if (!empty($servercn)) { + $qw = ($quoteservercn) ? "\"" : ""; + $conf .= "tls-remote {$qw}{$servercn}{$qw}{$nl}"; + } if (!empty($proxy)) { if ($proto == "udp") { 
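Review bot: In the `@@ -198` hunk `$servercn` is written into the `tls-remote` line verbatim, so with `$quoteservercn` off a CN containing whitespace becomes several tokens on that line, and with it on an embedded `"` or backslash is not escaped. This directive is what ties the client to the expected server identity, so the value should be checked before it is emitted: reject a CN containing quotes or control characters, and force quoting when it has whitespace, e.g. `$qw = ($quoteservercn || preg_match('/\s/', $servercn)) ? "\"" : "";`. How `$servercn` is derived is outside the hunk (it is returned by openvpn_client_export_validate_config), so whether such characters can reach this line should be confirmed. The function body continues beyond the hunk.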
@@ -239,6 +241,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "ca /phone/config/openvpn/keys/ca.crt{$nl}"; $conf .= "cert /phone/config/openvpn/keys/client1.crt{$nl}"; $conf .= "key /phone/config/openvpn/keys/client1.key{$nl}"; + } elseif ($expformat == "yealink_t38g2") { + $conf .= "ca /config/openvpn/keys/ca.crt{$nl}"; + $conf .= "cert /config/openvpn/keys/client1.crt{$nl}"; + $conf .= "key /config/openvpn/keys/client1.key{$nl}"; } elseif ($expformat == "snom") { $conf .= "ca /openvpn/ca.crt{$nl}"; $conf .= "cert /openvpn/phone1.crt{$nl}"; @@ -263,6 +269,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}"; elseif ($expformat == "yealink_t38g") $conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}"; + elseif ($expformat == "yealink_t38g2") + $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}"; elseif ($expformat == "snom") $conf .= "tls-auth /openvpn/ta.key 1{$nl}"; else @@ -344,6 +352,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke break; case "yealink_t28": case "yealink_t38g": + case "yealink_t38g2": // create template directory $tempdir = "{$g['tmp_path']}/{$prefix}"; $keydir = "{$tempdir}/keys"; @@ -402,7 +411,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke } } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) { global $config, $g, $input_errors; $uname_p = trim(exec("uname -p")); 
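Review bot: The `yealink_t38g2` branch in the `@@ -239` hunk spells out the key directory `/config/openvpn/keys` on three lines and again on the `tls-auth` line in `@@ -263`, so every handset variant needs four string edits that must agree. A per-format directory, e.g. `$keydir_for = array("yealink_t38g" => "/phone/config/openvpn/keys", "yealink_t38g2" => "/config/openvpn/keys");`, with `ca`, `cert`, `key` and `tls-auth` built from it would keep the paths consistent. A one-line comment saying which handset or firmware the second T38G layout is for would also help, since the hunk gives no hint. Both `elseif` chains start and end outside the hunks.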
@@ -439,7 +448,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset $pwdfle .= "{$proxy['password']}\r\n"; file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions); if (!$conf) { $input_errors[] = "Could not create a config to export."; return false; @@ -498,7 +507,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) { global $config, $g; $uname_p = trim(exec("uname -p")); @@ -533,7 +542,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions); if (!$conf) return false; diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 254a95c7..02949cbd 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml 
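Review bot: The rewritten call in the `@@ -439` hunk still passes `"", "baseconf"` where the signature changed in `@@ -151` expects `$expformat` followed by `$outpass`, so `$expformat` receives an empty string and `$outpass` receives the literal `baseconf`. If `$outpass` protects exported key material, that is a fixed, guessable value instead of the `$outpass` the installer function was given; its use is outside the hunk and should be checked. Assuming the intent matches the function defaults, the tail of the call would read `$proxy, "baseconf", "", false, true, $advancedoptions);`. The mismatch predates this commit, but the line is edited here, and a thirteen-argument positional call hides this kind of slip; an options array would make it visible.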
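Review bot: The call in the `@@ -533` hunk passes twelve arguments to a thirteen-parameter function, so `$advancedoptions` lands in `$doslines` and the `$advancedoptions` parameter keeps its default `""`. As written, the Viscosity export drops the user's advanced options and switches `$nl` to CRLF whenever that field is non-empty. Inserting the intended `$doslines` value before it, e.g. `"baseconf", "", true, false, $advancedoptions);`, restores the alignment; whether `false` or `true` is wanted for Viscosity is not shown in the hunk.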
@@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>0.22</version> + <version>0.24</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index fa3bcb9c..811fb62f 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -137,10 +137,11 @@ if (!empty($act)) { $useaddr = $_GET['useaddr']; $advancedoptions = $_GET['advancedoptions']; + $quoteservercn = $_GET['quoteservercn']; $usetoken = $_GET['usetoken']; if ($usetoken && ($act == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; - if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_snom"))) + if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration."; $password = ""; if ($_GET['password']) @@ -186,6 +187,10 @@ if (!empty($act)) { $exp_name = urlencode("client.tar"); $expformat = "yealink_t38g"; break; + case "conf_yealink_t38g2": + $exp_name = urlencode("client.tar"); + $expformat = "yealink_t38g2"; + break; case "conf_snom": $exp_name = urlencode("vpnclient.tar"); $expformat = "snom"; 
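Review bot: `$quoteservercn = $_GET['quoteservercn'];` in the `@@ -137` hunk keeps the raw request string and passes it through the export functions, where the visible code only tests it for truth. Normalising it at the boundary, `$quoteservercn = !empty($_GET['quoteservercn']);`, documents that it is a flag, avoids an undefined-index notice when the parameter is absent, and keeps request text out of the config builder. The adjacent `$usetoken` check now lists four `$act` values by hand; `in_array($act, array("conf_yealink_t28", "conf_yealink_t38g", "conf_yealink_t38g2", "conf_snom"))` would be easier to extend. The enclosing `if (!empty($act))` block continues outside the hunk.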
@@ -198,17 +203,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions); } if($act == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions); } if (!$exp_path) { @@ -289,6 +294,9 @@ function download_begin(act, i, j) { advancedoptions = document.getElementById("advancedoptions").value; + var quoteservercn = 0; + if (document.getElementById("quoteservercn").checked) + quoteservercn = 1; var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -357,6 +365,7 @@ function download_begin(act, i, j) { dlurl += "&crtid=" + escape(certs[j][0]); } dlurl += "&useaddr=" + escape(useaddr); + dlurl += ""eservercn=" + escape(quoteservercn); dlurl += "&usetoken=" + escape(usetoken); if (usepass) dlurl += "&password=" + escape(pass); 
@@ -428,10 +437,13 @@ function server_changed() { cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle</a>"; if (servers[index][2] == "server_tls") { - cell2.innerHTML += "<br/>Yealink SIP Handset: "; + cell2.innerHTML += "<br/>Yealink SIP Handsets: <br/>"; + cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t28\", -1," + j + ")'>T28</a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G (1)</a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g2\", -1," + j + ")'>T38G (2)</a>"; cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"conf_snom\", -1," + j + ")'>SNOM SIP Handset</a>"; } @@ -550,6 +562,23 @@ function useproxy_changed(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Quote Server CN</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes"> + </td> + <td> + <span class="vexpl"> + Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0"> |
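Review bot: The `quoteservercn` checkbox added in the `@@ -550` hunk has no `checked` attribute, so exports that were always quoted before this commit are unquoted unless the user opts in, and the help text does not mention that change. The text could state the consequence directly, for instance `Leave unchecked unless the server CN contains spaces; an unquoted CN with spaces produces a tls-remote line the client may reject or misread.` In the `@@ -428` hunk the labels `T38G (1)` and `T38G (2)` give no way to choose between the two; naming the difference (the visible one is the key path, `/phone/config/openvpn/keys` versus `/config/openvpn/keys`) would save users from trial and error.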