aboutsummaryrefslogtreecommitdiffstats
path: root/config/openvpn-client-export
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2013-07-11 09:55:54 -0400
committerjim-p <jimp@pfsense.org>2013-07-11 09:56:53 -0400
commit4f04e374e024c87496a6d8556975ff191fef461a (patch)
tree1ce56308e65d733b83870de1e1e603327499d1f9 /config/openvpn-client-export
parent3ca1b0aaa7268c362b644d656a6b01cececfd844 (diff)
downloadpfsense-packages-4f04e374e024c87496a6d8556975ff191fef461a.tar.gz
pfsense-packages-4f04e374e024c87496a6d8556975ff191fef461a.tar.bz2
pfsense-packages-4f04e374e024c87496a6d8556975ff191fef461a.zip
When we don't need a client cert, add a line to tell the client that we don't need a client cert, or else the OpenVPN Connect app will try to force the user to pick one.
Diffstat (limited to 'config/openvpn-client-export')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc3
1 files changed, 3 insertions, 0 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 06a0928c..d88d988f 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -383,6 +383,9 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese
$conf .= "<cert>{$nl}" . trim(base64_decode($cert['crt'])) . "{$nl}</cert>{$nl}";
// Inline Key
$conf .= "<key>{$nl}" . trim(base64_decode($cert['prv'])) . "{$nl}</key>{$nl}";
+ } else {
+ // Work around OpenVPN Connect assuming you have a client cert even when you don't need one
+ $conf .= "setenv CLIENT_CERT 0{$nl}";
}
// Inline TLS
if ($settings['tls']) {