authorjim-p <jimp@pfsense.org>2013-11-25 16:53:54 -0500
committerjim-p <jimp@pfsense.org>2013-11-25 16:53:54 -0500
commit63aa82df03b81c31a4a0a2f74950cbcaf54b67f2 (patch)
tree3a7cf8bdda50a3a3604f018177dfcef70a0e4f33 /config
parentf581b75f072a51330de2619669fc799a8ac5de73 (diff)
Instruct the client to use a random local port for OpenVPN in the exported configuration.
Diffstat (limited to 'config')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc16
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml2
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php38
3 files changed, 46 insertions, 10 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index e6351686..4d6ded8f 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -170,7 +170,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys);
}
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") {
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") {
global $config, $input_errors, $g;
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
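Review bot: `$randomlocalport` is inserted as the sixth positional parameter of `openvpn_client_export_config()` rather than appended, so any caller not updated in this commit still runs but binds `$usetoken` to `$randomlocalport` and shifts every argument after it. The same applies to the `openvpn_client_export_installer()` and `viscosity_openvpn_client_config_exporter()` signatures in the later hunks. With fifteen positional parameters, and defaulted ones such as `$nokeys = false` sitting before the required `$proxy`, a doc comment above the function listing each parameter in order with its expected type would make a mismatch much easier to spot. The function body continues outside this hunk.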
@@ -209,6 +209,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
if (($expformat != "inlinedroid") && ($expformat != "inlineios"))
$conf .= "resolv-retry infinite{$nl}";
$conf .= "$remotes{$nl}";
+
+ /* Use a random local port, otherwise two clients will conflict if they run at the same time.
+ May not be supported on older clients (Released before May 2010) */
+ if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom"))
+ $conf .= "lport 0{$nl}";
+
/* This line can cause problems with auth-only setups and also with Yealink/Snom phones
since they are stuck on an older OpenVPN version that does not support this feature. */
if (!empty($servercn) && !$nokeys) {
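Review bot: The new guard `$randomlocalport != 0` is a loose comparison on a value that reaches this function straight from `$_GET` in vpn_openvpn_export.php. The checkbox added in that file declares `value="yes"`, and on PHP versions before 8 a non-numeric string such as `"yes"` compares equal to 0, so the option only takes effect because the page's JavaScript rewrites the state to 0/1. Normalising once at the read, `$randomlocalport = !empty($_GET['randomlocalport']);`, and testing `if ($randomlocalport && ...)` here would remove that dependency and also cover a request that omits the parameter. The emitted directive is the constant `lport 0`, so no request data reaches the config text in this hunk; the enclosing function starts and ends outside it.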
@@ -471,7 +477,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
}
}
-function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") {
+function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") {
global $config, $g, $input_errors;
$uname_p = trim(exec("uname -p"));
@@ -523,7 +529,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
$pwdfle .= "{$proxy['password']}\r\n";
file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions);
if (!$conf) {
$input_errors[] = "Could not create a config to export.";
return false;
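Review bot: On the updated `openvpn_client_export_config()` call the two literals after `$proxy` are `""` then `"baseconf"`, which against the signature earlier in this file bind `$expformat = ""` and `$outpass = "baseconf"`. They look swapped; the Viscosity call passes `"baseconf", ""` in the same positions. This predates the commit, but the line is rewritten here and the extra positional parameter makes such slips harder to see. If the swap is unintended the call should read `..., $nokeys, $proxy, "baseconf", "", false, true, $openvpnmanager, $advancedoptions);`. How an empty `$expformat` and a non-empty `$outpass` are handled lies outside this hunk, so the effect needs confirming in the function body.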
@@ -588,7 +594,7 @@ RunProgram="openvpn-postinstall.exe"
return $outfile;
}
-function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) {
+function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) {
global $config, $g;
$uname_p = trim(exec("uname -p"));
@@ -623,7 +629,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions);
if (!$conf)
return false;
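Review bot: The Viscosity call passes 14 arguments to a function that now takes 15: after `"baseconf", ""` there is a single `true`, so `$openvpnmanager` binds to `$doslines`, `$advancedoptions` binds to `$openvpnmanager`, and `$advancedoptions` falls back to its default `""`. If that reading of the signature is right, any advanced options the administrator entered are silently left out of Viscosity bundles, including hardening directives. The misalignment predates this commit but is carried onto the rewritten line. Supplying the missing flag, e.g. `..., "baseconf", "", true, false, $openvpnmanager, $advancedoptions);`, would realign it; which of `$skiptls`/`$doslines` the lone `true` was meant for needs confirming.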
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 4c0518b2..0af838e9 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>OpenVPN Client Export</name>
- <version>1.2.2</version>
+ <version>1.2.4</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
<backup_file></backup_file>
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 44744832..8d002397 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -139,6 +139,7 @@ if (!empty($act)) {
$openvpnmanager = $_GET['openvpnmanager'];
$verifyservercn = $_GET['verifyservercn'];
+ $randomlocalport = $_GET['randomlocalport'];
$usetoken = $_GET['usetoken'];
if ($usetoken && (substr($act, 0, 10) == "confinline"))
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
@@ -213,17 +214,17 @@ if (!empty($act)) {
$exp_name = urlencode($exp_name."-config.ovpn");
$expformat = "baseconf";
}
- $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
+ $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
}
if($act == "visc") {
$exp_name = urlencode($exp_name."-Viscosity.visc.zip");
- $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
+ $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
}
if(substr($act, 0, 4) == "inst") {
$exp_name = urlencode($exp_name."-install.exe");
- $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
+ $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
}
if (!$exp_path) {
@@ -307,6 +308,9 @@ function download_begin(act, i, j) {
var verifyservercn;
verifyservercn = document.getElementById("verifyservercn").value;
+ var randomlocalport = 0;
+ if (document.getElementById("randomlocalport").checked)
+ randomlocalport = 1;
var usetoken = 0;
if (document.getElementById("usetoken").checked)
usetoken = 1;
@@ -381,6 +385,7 @@ function download_begin(act, i, j) {
}
dlurl += "&useaddr=" + escape(useaddr);
dlurl += "&verifyservercn=" + escape(verifyservercn);
+ dlurl += "&randomlocalport=" + escape(randomlocalport);
dlurl += "&openvpnmanager=" + escape(openvpnmanager);
dlurl += "&usetoken=" + escape(usetoken);
if (usepass)
@@ -642,6 +647,27 @@ function useproxy_changed(obj) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Use Random Local Port</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0" summary="random local port">
+ <tr>
+ <td>
+ <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" />
+ </td>
+ <td>
+ <span class="vexpl">
+ Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <span class="vexpl"><br/>NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations.</span>
+ </td>
+ </tr>
+ </table>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Certificate Export Options</td>
<td width="78%" class="vtable">
<table border="0" cellpadding="2" cellspacing="0" summary="export options">
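Review bot: The new "Use Random Local Port" row opens `<td width="78%" class="vtable">` but goes from the inner `</table>` straight to `</tr>` without closing that cell. The row at the end of this file's last hunk closes in the order `</table>`, `</td>`, `</tr>`. Add `</td>` after the inner `</table>` of the new row. Browsers usually recover from the missing tag, but the malformed row can shift the layout of the option rows that follow.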
@@ -806,10 +832,14 @@ function useproxy_changed(obj) {
This will change the generated .ovpn configuration to allow for usage of the management interface.
And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users.
This is also useful for Windows Vista/7/8 systems where elevated permissions are needed to add routes to the system.
- <br/><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.
</span>
</td>
</tr>
+ <tr>
+ <td colspan="2">
+ <span class="vexpl"><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.</span>
+ </td>
+ </tr>
</table>
</td>
</tr>