diff options
Diffstat (limited to 'config/openvpn-client-export/vpn_openvpn_export.php')
| -rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 81 |
1 files changed, 56 insertions, 25 deletions
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index ad6c65da..8d002397 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -138,7 +138,8 @@ if (!empty($act)) { $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; - $quoteservercn = $_GET['quoteservercn']; + $verifyservercn = $_GET['verifyservercn']; + $randomlocalport = $_GET['randomlocalport']; $usetoken = $_GET['usetoken']; if ($usetoken && (substr($act, 0, 10) == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; @@ -213,17 +214,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } if(substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } if (!$exp_path) { @@ -304,9 +305,12 @@ function download_begin(act, i, j) { advancedoptions = document.getElementById("advancedoptions").value; - var quoteservercn = 0; - if (document.getElementById("quoteservercn").checked) - quoteservercn = 1; + var verifyservercn; + verifyservercn = document.getElementById("verifyservercn").value; + + var randomlocalport = 0; + if (document.getElementById("randomlocalport").checked) + randomlocalport = 1; var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -380,7 +384,8 @@ function download_begin(act, i, j) { dlurl += "&crtid=" + escape(certs[j][0]); } dlurl += "&useaddr=" + escape(useaddr); - dlurl += ""eservercn=" + escape(quoteservercn); + dlurl += "&verifyservercn=" + escape(verifyservercn); + dlurl += "&randomlocalport=" + escape(randomlocalport); dlurl += "&openvpnmanager=" + escape(openvpnmanager); dlurl += "&usetoken=" + escape(usetoken); if (usepass) @@ -434,11 +439,9 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Others<\/a>"; cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>2.2<\/a>"; - cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ", -1)'>2.3-x86<\/a>"; -// cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle<\/a>"; @@ -471,11 +474,9 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Others<\/a>"; cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>2.2<\/a>"; - cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\", -1," + j + ")'>2.3-x86<\/a>"; -// cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle<\/a>"; @@ -515,11 +516,9 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Others<\/a>"; cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>2.2<\/a>"; - cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ")'>2.3-x86<\/a>"; -// cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle<\/a>"; @@ -625,21 +624,48 @@ function useproxy_changed(obj) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Quote Server CN</td> + <td width="22%" valign="top" class="vncell">Verify Server CN</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="verify server cn"> + <tr> + <td> + <select name="verifyservercn" id="verifyservercn" class="formselect"> + <option value="auto">Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible</option> + <option value="tls-remote">Use tls-remote (Deprecated, use only on old clients <= OpenVPN 2.2.x)</option> + <option value="tls-remote-quote">Use tls-remote and quote the server CN</option> + <option value="none">Do not verify the server CN</option> + </select> + <br/> + <span class="vexpl"> + Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting. + <br/><br/>Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version. + <br/><br/>With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Use Random Local Port</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0" summary="quote server cn"> + <table border="0" cellpadding="2" cellspacing="0" summary="random local port"> <tr> <td> - <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes" /> + <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" /> </td> <td> <span class="vexpl"> - Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently. </span> </td> </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations.</span> + </td> + </tr> </table> - </td> </tr> <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> @@ -809,6 +835,11 @@ function useproxy_changed(obj) { </span> </td> </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.</span> + </td> + </tr> </table> </td> </tr> |