From b7cb81919d718fc0183cdc0297a2800c6b5902b9 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Tue, 18 Sep 2012 13:53:03 -0400
Subject: Make quoting the server CN optional since it seems to break more clients than it fixes; Add a third Yealink variant.
---
 .../openvpn-client-export.inc | 23 ++++++++----
 .../openvpn-client-export.xml | 2 +-
 .../openvpn-client-export/vpn_openvpn_export.php | 41 ++++++++++++++++++----
 3 files changed, 52 insertions(+), 14 deletions(-)
(limited to 'config')
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 9f06ed0c..1c556d10 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -151,7 +151,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
 return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys);
 }
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
 global $config, $input_errors, $g;
 $nl = ($doslines) ? "\r\n" : "\n";
@@ -198,8 +198,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 $conf .= "client{$nl}";
 $conf .= "resolv-retry infinite{$nl}";
 $conf .= "remote {$server_host} {$server_port}{$nl}";
- if (!empty($servercn))
- $conf .= "tls-remote \"{$servercn}\"{$nl}";
+ if (!empty($servercn)) {
+ $qw = ($quoteservercn) ? "\"" : "";
+ $conf .= "tls-remote {$qw}{$servercn}{$qw}{$nl}";
+ }
 if (!empty($proxy)) {
 if ($proto == "udp") {
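Review bot: In the `tls-remote` hunk, `$servercn` goes into the client config verbatim, so with `$quoteservercn` off a CN containing a space puts several tokens on the `tls-remote` line, and with it on an embedded `"` or backslash in the CN is not escaped. This directive is what ties the client to the expected server certificate name, so a line that some clients misparse may weaken or break that check rather than just the export. Consider stripping CR/LF before interpolation, e.g. `$servercn = str_replace(array("\r", "\n"), "", $servercn);`, and adding an `$input_errors[]` entry when the CN contains whitespace and quoting is disabled. How `$servercn` is produced by `openvpn_client_export_validate_config` is not visible here, and the body of `openvpn_client_export_config` continues beyond the hunk.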
@@ -239,6 +241,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 $conf .= "ca /phone/config/openvpn/keys/ca.crt{$nl}";
 $conf .= "cert /phone/config/openvpn/keys/client1.crt{$nl}";
 $conf .= "key /phone/config/openvpn/keys/client1.key{$nl}";
+ } elseif ($expformat == "yealink_t38g2") {
+ $conf .= "ca /config/openvpn/keys/ca.crt{$nl}";
+ $conf .= "cert /config/openvpn/keys/client1.crt{$nl}";
+ $conf .= "key /config/openvpn/keys/client1.key{$nl}";
 } elseif ($expformat == "snom") {
 $conf .= "ca /openvpn/ca.crt{$nl}";
 $conf .= "cert /openvpn/phone1.crt{$nl}";
@@ -263,6 +269,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 $conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}";
 elseif ($expformat == "yealink_t38g")
 $conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}";
+ elseif ($expformat == "yealink_t38g2")
+ $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}";
 elseif ($expformat == "snom")
 $conf .= "tls-auth /openvpn/ta.key 1{$nl}";
 else
@@ -344,6 +352,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 break;
 case "yealink_t28":
 case "yealink_t38g":
+ case "yealink_t38g2":
 // create template directory
 $tempdir = "{$g['tmp_path']}/{$prefix}";
 $keydir = "{$tempdir}/keys";
@@ -402,7 +411,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 }
 }
-function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
+function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) {
 global $config, $g, $input_errors;
 $uname_p = trim(exec("uname -p"));
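Review bot: The new `yealink_t38g2` branches repeat the `ca`/`cert`/`key` lines (hunk at -239) and the `tls-auth` line (hunk at -263) with only the directory prefix changed, so the key paths for one handset now live in two separate `elseif` chains that can drift apart. A small map from `$expformat` to its key directory, e.g. `$keypaths = array("yealink_t38g" => "/phone/config/openvpn/keys", "yealink_t38g2" => "/config/openvpn/keys");`, would keep both chains in step. A comment saying which handsets or firmware expect `/config/openvpn/keys` would also explain why two T38G variants exist. Both chains sit inside `openvpn_client_export_config`, whose body extends beyond these hunks.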
@@ -439,7 +448,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
 $pwdfle .= "{$proxy['password']}\r\n";
 file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
 }
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions);
 if (!$conf) {
 $input_errors[] = "Could not create a config to export.";
 return false;
@@ -498,7 +507,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
 return $outfile;
 }
-function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
+function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) {
 global $config, $g;
 $uname_p = trim(exec("uname -p"));
@@ -533,7 +542,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
 file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
 }
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions);
 if (!$conf)
 return false;
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 254a95c7..02949cbd 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
 OpenVPN Client Export
- 0.22
+ 0.24
 OpenVPN Client Export /usr/local/pkg/openvpn-client-export.inc
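Review bot: Both rewritten calls to `openvpn_client_export_config` on this line are misaligned with the thirteen-parameter signature shown in the first hunk of this file. The Viscosity call (hunk at -533) passes twelve arguments, so `$advancedoptions` binds to `$doslines` and the advanced options never reach the generated config; it should read `openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, false, $advancedoptions);`, assuming LF line endings are wanted there. The installer call (hunk at -439) passes `"", "baseconf"` where the signature expects `$expformat`, `$outpass`, which looks swapped; the function body is outside the hunks, so confirm what an empty `$expformat` selects. Both problems predate this commit but sit on the lines it rewrites, and each new positional parameter makes them harder to see.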
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index fa3bcb9c..811fb62f 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -137,10 +137,11 @@ if (!empty($act)) {
 $useaddr = $_GET['useaddr'];
 $advancedoptions = $_GET['advancedoptions'];
+ $quoteservercn = $_GET['quoteservercn'];
 $usetoken = $_GET['usetoken'];
 if ($usetoken && ($act == "confinline"))
 $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
- if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_snom")))
+ if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom")))
 $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
 $password = "";
 if ($_GET['password'])
@@ -186,6 +187,10 @@ if (!empty($act)) {
 $exp_name = urlencode("client.tar");
 $expformat = "yealink_t38g";
 break;
+ case "conf_yealink_t38g2":
+ $exp_name = urlencode("client.tar");
+ $expformat = "yealink_t38g2";
+ break;
 case "conf_snom":
 $exp_name = urlencode("vpnclient.tar");
 $expformat = "snom";
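Review bot: `$quoteservercn` is taken from `$_GET['quoteservercn']` as-is in the first hunk and later used only as a truth value; reading it as `$quoteservercn = !empty($_GET['quoteservercn']);` avoids an undefined-index notice when the parameter is absent and makes the boolean intent explicit at the input boundary. The matching JavaScript line in the `download_begin` hunk further down is rendered on this page as `dlurl += ""eservercn=" + ...`, which is presumably `"&quoteservercn="` with `&quot` decoded by the page extraction rather than what was committed. The surrounding `if (!empty($act))` block starts and ends outside the hunk.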
@@ -198,17 +203,17 @@ if (!empty($act)) {
 $exp_name = urlencode($exp_name."-config.ovpn");
 $expformat = "baseconf";
 }
- $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions);
+ $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions);
 }
 if($act == "visc") {
 $exp_name = urlencode($exp_name."-Viscosity.visc.zip");
- $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions);
+ $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions);
 }
 if($act == "inst") {
 $exp_name = urlencode($exp_name."-install.exe");
- $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions);
+ $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $advancedoptions);
 }
 if (!$exp_path) {
@@ -289,6 +294,9 @@ function download_begin(act, i, j) {
 advancedoptions = document.getElementById("advancedoptions").value;
+ var quoteservercn = 0;
+ if (document.getElementById("quoteservercn").checked)
+ quoteservercn = 1;
 var usetoken = 0;
 if (document.getElementById("usetoken").checked)
 usetoken = 1;
@@ -357,6 +365,7 @@ function download_begin(act, i, j) {
 dlurl += "&crtid=" + escape(certs[j][0]);
 }
 dlurl += "&useaddr=" + escape(useaddr);
+ dlurl += ""eservercn=" + escape(quoteservercn);
 dlurl += "&usetoken=" + escape(usetoken);
 if (usepass)
 dlurl += "&password=" + escape(pass);
@@ -428,10 +437,13 @@ function server_changed() {
 cell2.innerHTML += "
"; cell2.innerHTML += "Viscosity Bundle"; if (servers[index][2] == "server_tls") { - cell2.innerHTML += "
Yealink SIP Handset:   "; + cell2.innerHTML += "
Yealink SIP Handsets:
"; + cell2.innerHTML += "   "; cell2.innerHTML += "T28"; cell2.innerHTML += "   "; - cell2.innerHTML += "T38G"; + cell2.innerHTML += "T38G (1)"; + cell2.innerHTML += "   "; + cell2.innerHTML += "T38G (2)"; cell2.innerHTML += "
"; cell2.innerHTML += "SNOM SIP Handset"; } @@ -549,6 +561,23 @@ function useproxy_changed(obj) { + + Quote Server CN + + + + + + +
+ + + + Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed. + +
+ + Certificate Export Options -- cgit v1.2.3