authorjim-p <jimp@pfsense.org>2012-09-18 13:53:03 -0400
committerjim-p <jimp@pfsense.org>2012-09-18 14:46:49 -0400
commitb7cb81919d718fc0183cdc0297a2800c6b5902b9 (patch)
tree34347c4009fdf714b8395d75ef703a894a09d116 /config
parent0781f617a535e9a51bf33f98282457451af114a2 (diff)
Make quoting the server CN optional since it seems to break more clients than it fixes; Add a third Yealink variant.
Diffstat (limited to 'config')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc23
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml2
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php41
3 files changed, 52 insertions, 14 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 9f06ed0c..1c556d10 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -151,7 +151,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys);
}
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
global $config, $input_errors, $g;
$nl = ($doslines) ? "\r\n" : "\n";
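Review bot: Inserting `$quoteservercn` as a required positional parameter between `$useaddr` and `$usetoken` shifts every later argument for any caller that is not updated in the same commit, so a stale call would pass its token flag as the quoting flag without any error. Appending it with a default keeps older calls valid: `..., $doslines=false, $advancedoptions = "", $quoteservercn = false)`. The same applies to the `openvpn_client_export_installer` and `viscosity_openvpn_client_config_exporter` signatures changed further down in this file. A short docblock listing the thirteen parameters in order would also help, since the list already places the optional `$nokeys = false` before the required `$proxy`.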
@@ -198,8 +198,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= "client{$nl}";
$conf .= "resolv-retry infinite{$nl}";
$conf .= "remote {$server_host} {$server_port}{$nl}";
- if (!empty($servercn))
- $conf .= "tls-remote \"{$servercn}\"{$nl}";
+ if (!empty($servercn)) {
+ $qw = ($quoteservercn) ? "\"" : "";
+ $conf .= "tls-remote {$qw}{$servercn}{$qw}{$nl}";
+ }
if (!empty($proxy)) {
if ($proto == "udp") {
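Review bot: `$servercn` is interpolated into the `tls-remote` line with no escaping, and with quoting now off by default a CN containing whitespace reaches the client as several separate tokens. Depending on the client's parser this most likely rejects the line, or on a lenient parser may verify only part of the name, since `tls-remote` also accepts a name prefix; that is worth confirming against the affected clients. Independent of the checkbox, I would refuse a CN containing a double quote or a line break before emitting it, e.g. `if (preg_match('/["\r\n]/', $servercn)) { $input_errors[] = "Server CN contains characters that cannot be exported."; return false; }`, so that a certificate field cannot add or terminate directives in the generated config. The enclosing function starts and ends outside this hunk.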
@@ -239,6 +241,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= "ca /phone/config/openvpn/keys/ca.crt{$nl}";
$conf .= "cert /phone/config/openvpn/keys/client1.crt{$nl}";
$conf .= "key /phone/config/openvpn/keys/client1.key{$nl}";
+ } elseif ($expformat == "yealink_t38g2") {
+ $conf .= "ca /config/openvpn/keys/ca.crt{$nl}";
+ $conf .= "cert /config/openvpn/keys/client1.crt{$nl}";
+ $conf .= "key /config/openvpn/keys/client1.key{$nl}";
} elseif ($expformat == "snom") {
$conf .= "ca /openvpn/ca.crt{$nl}";
$conf .= "cert /openvpn/phone1.crt{$nl}";
@@ -263,6 +269,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}";
elseif ($expformat == "yealink_t38g")
$conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}";
+ elseif ($expformat == "yealink_t38g2")
+ $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}";
elseif ($expformat == "snom")
$conf .= "tls-auth /openvpn/ta.key 1{$nl}";
else
@@ -344,6 +352,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
break;
case "yealink_t28":
case "yealink_t38g":
+ case "yealink_t38g2":
// create template directory
$tempdir = "{$g['tmp_path']}/{$prefix}";
$keydir = "{$tempdir}/keys";
@@ -402,7 +411,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
}
}
-function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
+function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) {
global $config, $g, $input_errors;
$uname_p = trim(exec("uname -p"));
@@ -439,7 +448,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
$pwdfle .= "{$proxy['password']}\r\n";
file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions);
if (!$conf) {
$input_errors[] = "Could not create a config to export.";
return false;
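Review bot: This call passes `""` in the `$expformat` slot and `"baseconf"` in the `$outpass` slot, judging by the parameter order in the signature changed at the top of this file (`$proxy, $expformat = "baseconf", $outpass = ""`). The ordering predates the commit, but the line is being rewritten here and the two values look swapped. If `$outpass` is used as a key passphrase on this path, the literal string `baseconf` would be applied; whether that code is reached cannot be seen from this hunk. Suggested argument tail: `$nokeys, $proxy, "baseconf", "", false, true, $advancedoptions);`.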
@@ -498,7 +507,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
return $outfile;
}
-function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
+function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) {
global $config, $g;
$uname_p = trim(exec("uname -p"));
@@ -533,7 +542,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions);
if (!$conf)
return false;
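Review bot: This call supplies twelve arguments to a thirteen-parameter function, so `$advancedoptions` lands in the `$doslines` slot and the real `$advancedoptions` parameter keeps its default `""`. Mapped against the signature changed earlier in this file, the values after `$proxy` become `$expformat="baseconf"`, `$outpass=""`, `$skiptls=true`, `$doslines=$advancedoptions`. The visible effect is that a user's advanced options are dropped from Viscosity bundles, and any non-empty value switches the output to `\r\n` line endings via `$nl`. If Unix line endings are intended, add the missing flag: `$proxy, "baseconf", "", true, false, $advancedoptions);`.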
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 254a95c7..02949cbd 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>OpenVPN Client Export</name>
- <version>0.22</version>
+ <version>0.24</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
<backup_file></backup_file>
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index fa3bcb9c..811fb62f 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -137,10 +137,11 @@ if (!empty($act)) {
$useaddr = $_GET['useaddr'];
$advancedoptions = $_GET['advancedoptions'];
+ $quoteservercn = $_GET['quoteservercn'];
$usetoken = $_GET['usetoken'];
if ($usetoken && ($act == "confinline"))
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
- if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_snom")))
+ if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom")))
$input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
$password = "";
if ($_GET['password'])
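Review bot: `$quoteservercn` is taken straight from `$_GET` and passed on as a flag, so its meaning depends on PHP's string truthiness: `"0"` and `""` are false, while `"false"` or `"no"` would enable quoting. A request without the parameter also raises an undefined-index notice. Normalising at the boundary makes the contract explicit: `$quoteservercn = isset($_GET['quoteservercn']) && ($_GET['quoteservercn'] == "1");`. The same treatment would suit `$usetoken` on the following line. The enclosing `if (!empty($act))` block continues outside this hunk.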
@@ -186,6 +187,10 @@ if (!empty($act)) {
$exp_name = urlencode("client.tar");
$expformat = "yealink_t38g";
break;
+ case "conf_yealink_t38g2":
+ $exp_name = urlencode("client.tar");
+ $expformat = "yealink_t38g2";
+ break;
case "conf_snom":
$exp_name = urlencode("vpnclient.tar");
$expformat = "snom";
@@ -198,17 +203,17 @@ if (!empty($act)) {
$exp_name = urlencode($exp_name."-config.ovpn");
$expformat = "baseconf";
}
- $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions);
+ $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions);
}
if($act == "visc") {
$exp_name = urlencode($exp_name."-Viscosity.visc.zip");
- $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions);
+ $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions);
}
if($act == "inst") {
$exp_name = urlencode($exp_name."-install.exe");
- $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions);
+ $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions);
}
if (!$exp_path) {
@@ -289,6 +294,9 @@ function download_begin(act, i, j) {
advancedoptions = document.getElementById("advancedoptions").value;
+ var quoteservercn = 0;
+ if (document.getElementById("quoteservercn").checked)
+ quoteservercn = 1;
var usetoken = 0;
if (document.getElementById("usetoken").checked)
usetoken = 1;
@@ -357,6 +365,7 @@ function download_begin(act, i, j) {
dlurl += "&crtid=" + escape(certs[j][0]);
}
dlurl += "&useaddr=" + escape(useaddr);
+ dlurl += "&quoteservercn=" + escape(quoteservercn);
dlurl += "&usetoken=" + escape(usetoken);
if (usepass)
dlurl += "&password=" + escape(pass);
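Review bot: The new `quoteservercn` line copies the surrounding `escape()` pattern, which is deprecated and encodes non-Latin-1 characters as `%uXXXX`, a form PHP's query-string decoding does not reverse. The value here is only 0 or 1, but `dlurl += "&quoteservercn=" + encodeURIComponent(quoteservercn);` is the safer habit and would be worth applying to the neighbouring lines as well. The context lines also show the export password being appended to the same GET URL, where it can end up in web-server access logs and browser history. Moving the export request to POST would be a worthwhile follow-up, though it is outside what this commit changes. `download_begin` starts and ends outside this hunk.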
@@ -428,10 +437,13 @@ function server_changed() {
cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle</a>";
if (servers[index][2] == "server_tls") {
- cell2.innerHTML += "<br/>Yealink SIP Handset: &nbsp;&nbsp;";
+ cell2.innerHTML += "<br/>Yealink SIP Handsets: <br/>";
+ cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t28\", -1," + j + ")'>T28</a>";
cell2.innerHTML += "&nbsp;&nbsp; ";
- cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G</a>";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G (1)</a>";
+ cell2.innerHTML += "&nbsp;&nbsp; ";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g2\", -1," + j + ")'>T38G (2)</a>";
cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"conf_snom\", -1," + j + ")'>SNOM SIP Handset</a>";
}
@@ -550,6 +562,23 @@ function useproxy_changed(obj) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Quote Server CN</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes">
+ </td>
+ <td>
+ <span class="vexpl">
+ Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Certificate Export Options</td>
<td width="78%" class="vtable">
<table border="0" cellpadding="2" cellspacing="0">