diff options
-rw-r--r-- | config/apache_mod_security-dev/apache_virtualhost.xml | 6 | ||||
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 23 | ||||
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.xml | 2 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 41 | ||||
-rw-r--r-- | pkg_config.8.xml | 4 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 4 |
6 files changed, 59 insertions, 21 deletions
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 9ac23dd6..2e29a9af 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -76,12 +76,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache.tempalte</item> + <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_balancer.tempalte</item> + <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_balancer.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> @@ -96,7 +96,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_manipulator.xml</item> + <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_manipulation.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 9f06ed0c..1c556d10 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -151,7 +151,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") { +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") { global $config, $input_errors, $g; $nl = ($doslines) ? "\r\n" : "\n"; @@ -198,8 +198,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "client{$nl}"; $conf .= "resolv-retry infinite{$nl}"; $conf .= "remote {$server_host} {$server_port}{$nl}"; - if (!empty($servercn)) - $conf .= "tls-remote \"{$servercn}\"{$nl}"; + if (!empty($servercn)) { + $qw = ($quoteservercn) ? "\"" : ""; + $conf .= "tls-remote {$qw}{$servercn}{$qw}{$nl}"; + } if (!empty($proxy)) { if ($proto == "udp") { @@ -239,6 +241,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "ca /phone/config/openvpn/keys/ca.crt{$nl}"; $conf .= "cert /phone/config/openvpn/keys/client1.crt{$nl}"; $conf .= "key /phone/config/openvpn/keys/client1.key{$nl}"; + } elseif ($expformat == "yealink_t38g2") { + $conf .= "ca /config/openvpn/keys/ca.crt{$nl}"; + $conf .= "cert /config/openvpn/keys/client1.crt{$nl}"; + $conf .= "key /config/openvpn/keys/client1.key{$nl}"; } elseif ($expformat == "snom") { $conf .= "ca /openvpn/ca.crt{$nl}"; $conf .= "cert /openvpn/phone1.crt{$nl}"; @@ -263,6 +269,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}"; elseif ($expformat == "yealink_t38g") $conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}"; + elseif ($expformat == "yealink_t38g2") + $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}"; elseif ($expformat == "snom") $conf .= "tls-auth /openvpn/ta.key 1{$nl}"; else @@ -344,6 +352,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke break; case "yealink_t28": case "yealink_t38g": + case "yealink_t38g2": // create template directory $tempdir = "{$g['tmp_path']}/{$prefix}"; $keydir = "{$tempdir}/keys"; @@ -402,7 +411,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke } } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) { global $config, $g, $input_errors; $uname_p = trim(exec("uname -p")); @@ -439,7 +448,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset $pwdfle .= "{$proxy['password']}\r\n"; file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions); if (!$conf) { $input_errors[] = "Could not create a config to export."; return false; @@ -498,7 +507,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) { global $config, $g; $uname_p = trim(exec("uname -p")); @@ -533,7 +542,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions); if (!$conf) return false; diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 254a95c7..02949cbd 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>0.22</version> + <version>0.24</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index fa3bcb9c..811fb62f 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -137,10 +137,11 @@ if (!empty($act)) { $useaddr = $_GET['useaddr']; $advancedoptions = $_GET['advancedoptions']; + $quoteservercn = $_GET['quoteservercn']; $usetoken = $_GET['usetoken']; if ($usetoken && ($act == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; - if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_snom"))) + if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration."; $password = ""; if ($_GET['password']) @@ -186,6 +187,10 @@ if (!empty($act)) { $exp_name = urlencode("client.tar"); $expformat = "yealink_t38g"; break; + case "conf_yealink_t38g2": + $exp_name = urlencode("client.tar"); + $expformat = "yealink_t38g2"; + break; case "conf_snom": $exp_name = urlencode("vpnclient.tar"); $expformat = "snom"; @@ -198,17 +203,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions); } if($act == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions); } if (!$exp_path) { @@ -289,6 +294,9 @@ function download_begin(act, i, j) { advancedoptions = document.getElementById("advancedoptions").value; + var quoteservercn = 0; + if (document.getElementById("quoteservercn").checked) + quoteservercn = 1; var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -357,6 +365,7 @@ function download_begin(act, i, j) { dlurl += "&crtid=" + escape(certs[j][0]); } dlurl += "&useaddr=" + escape(useaddr); + dlurl += ""eservercn=" + escape(quoteservercn); dlurl += "&usetoken=" + escape(usetoken); if (usepass) dlurl += "&password=" + escape(pass); @@ -428,10 +437,13 @@ function server_changed() { cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle</a>"; if (servers[index][2] == "server_tls") { - cell2.innerHTML += "<br/>Yealink SIP Handset: "; + cell2.innerHTML += "<br/>Yealink SIP Handsets: <br/>"; + cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t28\", -1," + j + ")'>T28</a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G (1)</a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g2\", -1," + j + ")'>T38G (2)</a>"; cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"conf_snom\", -1," + j + ")'>SNOM SIP Handset</a>"; } @@ -550,6 +562,23 @@ function useproxy_changed(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Quote Server CN</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes"> + </td> + <td> + <span class="vexpl"> + Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0"> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index f943d8be..823b83a2 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -176,7 +176,7 @@ <depends_on_package_pbi>haproxy-1.4.21-i386.pbi</depends_on_package_pbi> </package> <package> - <name>Apache+mod_security-dev</name> + <name>Apache with mod_security-dev</name> <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> @@ -1381,7 +1381,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>0.22</version> + <version>0.24</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 6c19a678..42c04536 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -163,7 +163,7 @@ <depends_on_package_pbi>haproxy-1.4.21-amd64.pbi</depends_on_package_pbi> </package> <package> - <name>apache+mod_security-dev</name> + <name>Apache with mod_security-dev</name> <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> @@ -1368,7 +1368,7 @@ <depends_on_package_pbi>p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>0.22</version> + <version>0.24</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> |