diff options
Diffstat (limited to 'config/openvpn-client-export')
4 files changed, 304 insertions, 38 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index c7afb9e6..4d6ded8f 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -170,7 +170,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { global $config, $input_errors, $g; $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); @@ -209,9 +209,29 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese if (($expformat != "inlinedroid") && ($expformat != "inlineios")) $conf .= "resolv-retry infinite{$nl}"; $conf .= "$remotes{$nl}"; - if (!empty($servercn)) { - $qw = ($quoteservercn) ? "\"" : ""; - $conf .= "verify-x509-name {$qw}{$servercn}{$qw} name{$nl}"; + + /* Use a random local port, otherwise two clients will conflict if they run at the same time. + May not be supported on older clients (Released before May 2010) */ + if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) + $conf .= "lport 0{$nl}"; + + /* This line can cause problems with auth-only setups and also with Yealink/Snom phones + since they are stuck on an older OpenVPN version that does not support this feature. */ + if (!empty($servercn) && !$nokeys) { + switch ($verifyservercn) { + case "none": + break; + case "tls-remote": + $conf .= "tls-remote {$servercn}{$nl}"; + break; + case "tls-remote-quote": + $conf .= "tls-remote \"{$servercn}\"{$nl}"; + break; + default: + if ((substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) { + $conf .= "verify-x509-name \"{$servercn}\" name{$nl}"; + } + } } if (!empty($proxy)) { @@ -457,7 +477,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese } } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { global $config, $g, $input_errors; $uname_p = trim(exec("uname -p")); @@ -469,7 +489,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot $client_install_exe = "openvpn-install-2.3-x86_64.exe"; break; default: - $client_install_exe = "openvpn-install-2.2.exe"; + $client_install_exe = "openvpn-install-2.3-i686.exe"; } $ovpndir = "/usr/local/share/openvpn"; @@ -497,6 +517,8 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot exec("cp -r {$workdir}/template/* {$tempdir}"); // and put the required installer exe in place exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe"); + if (stristr($openvpn_version, "x64")) + rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe"); // write configuration file $prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid); @@ -507,7 +529,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot $pwdfle .= "{$proxy['password']}\r\n"; file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); if (!$conf) { $input_errors[] = "Could not create a config to export."; return false; @@ -542,8 +564,6 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot if ($openvpnmanager) $files .= "openvpnmanager "; - unlink("openvpn-postinstall.exe"); - rename("openvpnmanager/openvpn-postinstall.exe","openvpn-postinstall.exe"); $files .= "openvpn-install.exe "; $files .= "openvpn-postinstall.exe "; if ($usetoken) @@ -574,7 +594,7 @@ RunProgram="openvpn-postinstall.exe" return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) { global $config, $g; $uname_p = trim(exec("uname -p")); @@ -609,14 +629,14 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); if (!$conf) return false; // We need to nuke the ca line from the above config if it exists. $conf = explode("\n", $conf); for ($i=0; $i < count($conf); $i++) { - if (substr($conf[$i], 0, 3) == "ca ") + if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) unset($conf[$i]); } $conf = implode("\n", $conf); diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index a1c263f1..0af838e9 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.1.3</version> + <version>1.2.4</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/source/openvpn-postinstall64.nsi b/config/openvpn-client-export/source/openvpn-postinstall64.nsi new file mode 100644 index 00000000..b962ddff --- /dev/null +++ b/config/openvpn-client-export/source/openvpn-postinstall64.nsi @@ -0,0 +1,215 @@ +;-------------------------------- +; OpenVPN NSIS Post-Installer +;-------------------------------- + +;-------------------------------- +;Include Modern UI + +Var /GLOBAL mui.FinishPage.Run +!define MUI_FINISHPAGE_RUN_VARIABLES + + !include "MUI2.nsh" + !include "FileFunc.nsh" + !include "LogicLib.nsh" + +;-------------------------------- +; General +;-------------------------------- + + Name "OpenVPN Configuration" + OutFile "openvpn-postinstall64.exe" + SetCompressor /SOLID lzma + + ShowInstDetails show + + !include "dotnet2.nsh" + !include "x64.nsh" +;-------------------------------- +;Include Settings +;-------------------------------- + + !define MUI_ICON "openvpn-postinstall.ico" + !define MUI_ABORTWARNING + +;-------------------------------- +;Pages +;-------------------------------- + +!define WELCOME_TITLE 'Welcome to OpenVPN installer.' + +!define WELCOME_TEXT "This wizard will guide you through the installation of the OpenVPN client and configuration.$\r$\n$\r$\n\ +This wil automaticaly install the configuration files needed for your connection. \ +And if needed install the required DotNet2 framework." + !define MUI_WELCOMEPAGE_TITLE '${WELCOME_TITLE}' + ;!define MUI_WELCOMEPAGE_TITLE_3LINES + !define MUI_WELCOMEPAGE_TEXT '${WELCOME_TEXT}' + !insertmacro MUI_PAGE_WELCOME + + !insertmacro MUI_PAGE_INSTFILES + + + !define MUI_FINISHPAGE_RUN "C:\User\test.lnk" + !define MUI_FINISHPAGE_RUN_TEXT "Start OpenVPNManager." + !define MUI_FINISHPAGE_RUN_FUNCTION "LaunchLink" + !define MUI_PAGE_CUSTOMFUNCTION_SHOW finish_show + !insertmacro MUI_PAGE_FINISH + + !insertmacro Locate + !insertmacro GetParameters + !insertmacro GetOptions + +;-------------------------------- +;Languages +;-------------------------------- + + !insertmacro MUI_LANGUAGE "English" + +;-------------------------------- +;Functions +;-------------------------------- + +Function .onInit + Var /GLOBAL BINPATH + Var /GLOBAL CONFPATH + Var /GLOBAL OpenVPNManager + + ; If we are running on a 64-bit OS with a 64-bit payload then we must operate in the 64-bit registry + ; This should not be done if the payload is a 32-bit OpenVPN even on a 64-bit OS. + ${If} ${RunningX64} + SetRegView 64 + ${EndIf} + IfFileExists ".\OpenVPNManager" InstallOpenVPNManager1 DontInstallOpenVPNManager1 + InstallOpenVPNManager1: + strcpy $OpenVPNManager true + !insertmacro CheckForDotNET2 + Goto OpenVPNManagerDone1 + DontInstallOpenVPNManager1: + strcpy $OpenVPNManager false + OpenVPNManagerDone1: +FunctionEnd + +Function CopyConfFile + CopyFiles $R9 $CONFPATH\$R7 + Push $0 +FunctionEnd + +Function ImportConfFile + ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9" + Push $0 +FunctionEnd + +Function CopyOpenVPNManager + DetailPrint "Installing OpenVPNManager..." + DetailPrint "Installing in: $BINPATH\OpenVPNManager\" + CreateDirectory "$BINPATH\OpenVPNManager" + CreateDirectory "$BINPATH\OpenVPNManager\config" + CopyFiles ".\OpenVPNManager\*.*" "$BINPATH\OpenVPNManager" + CreateShortcut "$desktop\OpenVPNManager.lnk" "$BINPATH\OpenVPNManager\OpenVPNManager.exe" + Push $0 +FunctionEnd + +Function finish_show + ${If} $OpenVPNManager != "true" + ;If OpenVPNManager is not installed then dont give the option to run it. (hide and uncheck the checkbox) + ShowWindow $mui.FinishPage.Run 0 + ${NSD_Uncheck} $mui.FinishPage.Run + ${EndIf} +FunctionEnd + +Function LaunchLink + ExecShell "" "$desktop\OpenVPNManager.lnk" +FunctionEnd +;-------------------------------- +;Installer Sections +;-------------------------------- + +Section "Import Configuration" SectionImport + ${If} $OpenVPNManager == "true" + ; OpenVPNManager needs dotnet2 + !insertmacro InstallDotNet2 + ${Endif} + + ClearErrors + ReadRegStr $BINPATH HKLM "Software\OpenVPN" "" + IfErrors OpenVPNInstall OpenVPNAlreadyInstalled + OpenVPNInstall: + DetailPrint "Pausing installation while OpenVPN installer runs." + ExecWait '".\openvpn-install.exe"' $1 + ${if} $OpenVPNManager == "true" + SetShellVarContext all + Delete "$desktop\OpenVPN GUI.lnk" + SetShellVarContext current + ${Endif} + Pop $0 + OpenVPNAlreadyInstalled: + + ClearErrors + ReadRegStr $BINPATH HKLM "Software\OpenVPN" "" + IfErrors OpenVPNnotFound OpenVPNok + OpenVPNnotFound: + Abort "OpenVPN installation not found, installation aborted." + OpenVPNok: + DetailPrint "Completed OpenVPN installation." + + ${If} $OpenVPNManager == "true" + strcpy $OpenVPNManager true + StrCpy $CONFPATH "$BINPATH\OpenVPNManager\config" + call "CopyOpenVPNManager" + ${Else} + strcpy $OpenVPNManager false + ClearErrors + ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir" + IfErrors configNotFound configFound + configNotFound: + ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "" + StrCpy $CONFPATH "$CONFPATH\config" + configFound: + + ${Endif} + + DetailPrint "Installing configuration files ..." + ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile" + + DetailPrint "Installing certificate and key files ..." + ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile" + ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile" + + ${If} $OpenVPNManager == "true" + DetailPrint "Registering OpenVPNManager service..." + ExecWait '"$BINPATH\OpenVPNManager\OpenVPNManager.exe" /install' + DetailPrint "Starting OpenVPNManager service..." + SimpleSC::StartService "OpenVPNManager" "" 30 + Pop $0 + ${Else} + ;DetailPrint "Starting OpenVPN Service..." + ;SimpleSC::StartService "OpenVPNService" "" 30 + ;Pop $0 + ${Endif} + + ${GetParameters} $R0 + ${GetOptions} $R0 "/Import" $R1 + IfErrors p12_copy p12_import + p12_copy: + ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile" + Goto p12_done + p12_import: + ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile" + Goto p12_done + p12_done: + +SectionEnd +;-------------------------------- +;Descriptions +;-------------------------------- + + ;Language strings + LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files." + + ;Assign language strings to sections + !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN + !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport) + !insertmacro MUI_FUNCTION_DESCRIPTION_END + +;-------------------------------- +; END +;-------------------------------- diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index ad6c65da..8d002397 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -138,7 +138,8 @@ if (!empty($act)) { $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; - $quoteservercn = $_GET['quoteservercn']; + $verifyservercn = $_GET['verifyservercn']; + $randomlocalport = $_GET['randomlocalport']; $usetoken = $_GET['usetoken']; if ($usetoken && (substr($act, 0, 10) == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; @@ -213,17 +214,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } if(substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } if (!$exp_path) { @@ -304,9 +305,12 @@ function download_begin(act, i, j) { advancedoptions = document.getElementById("advancedoptions").value; - var quoteservercn = 0; - if (document.getElementById("quoteservercn").checked) - quoteservercn = 1; + var verifyservercn; + verifyservercn = document.getElementById("verifyservercn").value; + + var randomlocalport = 0; + if (document.getElementById("randomlocalport").checked) + randomlocalport = 1; var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -380,7 +384,8 @@ function download_begin(act, i, j) { dlurl += "&crtid=" + escape(certs[j][0]); } dlurl += "&useaddr=" + escape(useaddr); - dlurl += ""eservercn=" + escape(quoteservercn); + dlurl += "&verifyservercn=" + escape(verifyservercn); + dlurl += "&randomlocalport=" + escape(randomlocalport); dlurl += "&openvpnmanager=" + escape(openvpnmanager); dlurl += "&usetoken=" + escape(usetoken); if (usepass) @@ -434,11 +439,9 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Others<\/a>"; cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>2.2<\/a>"; - cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ", -1)'>2.3-x86<\/a>"; -// cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle<\/a>"; @@ -471,11 +474,9 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Others<\/a>"; cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>2.2<\/a>"; - cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\", -1," + j + ")'>2.3-x86<\/a>"; -// cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle<\/a>"; @@ -515,11 +516,9 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Others<\/a>"; cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>2.2<\/a>"; - cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ")'>2.3-x86<\/a>"; -// cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle<\/a>"; @@ -625,21 +624,48 @@ function useproxy_changed(obj) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Quote Server CN</td> + <td width="22%" valign="top" class="vncell">Verify Server CN</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="verify server cn"> + <tr> + <td> + <select name="verifyservercn" id="verifyservercn" class="formselect"> + <option value="auto">Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible</option> + <option value="tls-remote">Use tls-remote (Deprecated, use only on old clients <= OpenVPN 2.2.x)</option> + <option value="tls-remote-quote">Use tls-remote and quote the server CN</option> + <option value="none">Do not verify the server CN</option> + </select> + <br/> + <span class="vexpl"> + Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting. + <br/><br/>Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version. + <br/><br/>With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Use Random Local Port</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0" summary="quote server cn"> + <table border="0" cellpadding="2" cellspacing="0" summary="random local port"> <tr> <td> - <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes" /> + <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" /> </td> <td> <span class="vexpl"> - Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently. </span> </td> </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations.</span> + </td> + </tr> </table> - </td> </tr> <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> @@ -809,6 +835,11 @@ function useproxy_changed(obj) { </span> </td> </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.</span> + </td> + </tr> </table> </td> </tr> |