$server) { if (isset($server['disable'])) continue; $ras_user = array(); $ras_certs = array(); if (stripos($server['mode'], "server") === false) continue; if (($server['mode'] == "server_tls_user") && ($server['authmode'] == "Local Database")) { foreach($a_user as $uindex => $user) { if (!is_array($user['cert'])) continue; foreach($user['cert'] as $cindex => $cert) { // If $cert is not an array, it's a certref not a cert. if (!is_array($cert)) $cert = lookup_cert($cert); if ($cert['caref'] != $server['caref']) continue; $ras_userent = array(); $ras_userent['uindex'] = $uindex; $ras_userent['cindex'] = $cindex; $ras_userent['name'] = $user['name']; $ras_userent['certname'] = $cert['descr']; $ras_user[] = $ras_userent; } } } elseif (($server['mode'] == "server_tls") || (($server['mode'] == "server_tls_user") && ($server['authmode'] != "Local Database"))) { foreach($a_cert as $cindex => $cert) { if ($cert['caref'] != $server['caref']) continue; $ras_cert_entry['cindex'] = $cindex; $ras_cert_entry['certname'] = $cert['descr']; $ras_cert_entry['certref'] = $cert['refid']; $ras_certs[] = $ras_cert_entry; } } $ras_serverent = array(); $prot = $server['protocol']; $port = $server['local_port']; if ($server['description']) $name = "{$server['description']} {$prot}:{$port}"; else $name = "Server {$prot}:{$port}"; $ras_serverent['index'] = $sindex; $ras_serverent['name'] = $name; $ras_serverent['users'] = $ras_user; $ras_serverent['certs'] = $ras_certs; $ras_serverent['mode'] = $server['mode']; $ras_server[] = $ras_serverent; } $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; if (isset($_POST['act'])) $act = $_POST['act']; if (!empty($act)) { $srvid = $_GET['srvid']; $usrid = $_GET['usrid']; $crtid = $_GET['crtid']; if ($srvid === false) { pfSenseHeader("vpn_openvpn_export.php"); exit; } else if (($config['openvpn']['openvpn-server'][$srvid]['mode'] != "server_user") && (($usrid === false) || ($crtid === false))) { pfSenseHeader("vpn_openvpn_export.php"); exit; } if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") $nokeys = true; else $nokeys = false; if (empty($_GET['useaddr'])) { $input_errors[] = "You need to specify an IP or hostname."; } else $useaddr = $_GET['useaddr']; $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; $quoteservercn = $_GET['quoteservercn']; $usetoken = $_GET['usetoken']; if ($usetoken && ($act == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration."; $password = ""; if ($_GET['password']) $password = $_GET['password']; $proxy = ""; if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { $proxy = array(); if (empty($_GET['proxy_addr'])) { $input_errors[] = "You need to specify an address for the proxy port."; } else $proxy['ip'] = $_GET['proxy_addr']; if (empty($_GET['proxy_port'])) { $input_errors[] = "You need to specify a port for the proxy ip."; } else $proxy['port'] = $_GET['proxy_port']; $proxy['proxy_authtype'] = $_GET['proxy_authtype']; if ($_GET['proxy_authtype'] != "none") { if (empty($_GET['proxy_user'])) { $input_errors[] = "You need to specify a username with the proxy config."; } else $proxy['user'] = $_GET['proxy_user']; if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) { $input_errors[] = "You need to specify a password with the proxy user."; } else $proxy['password'] = $_GET['proxy_password']; } } $exp_name = openvpn_client_export_prefix($srvid, $usrid); if(substr($act, 0, 4) == "conf") { switch ($act) { case "confzip": $exp_name = urlencode($exp_name."-config.zip"); $expformat = "zip"; break; case "conf_yealink_t28": $exp_name = urlencode("client.tar"); $expformat = "yealink_t28"; break; case "conf_yealink_t38g": $exp_name = urlencode("client.tar"); $expformat = "yealink_t38g"; break; case "conf_yealink_t38g2": $exp_name = urlencode("client.tar"); $expformat = "yealink_t38g2"; break; case "conf_snom": $exp_name = urlencode("vpnclient.tar"); $expformat = "snom"; break; case "confinline": $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "inline"; break; default: $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } if(substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } if (!$exp_path) { $input_errors[] = "Failed to export config files!"; } if (empty($input_errors)) { if (($act == "conf") || ($act == "confinline")) { $exp_size = strlen($exp_path); } else { $exp_size = filesize($exp_path); } header('Pragma: '); header('Cache-Control: '); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); if (($act == "conf") || ($act == "confinline")) { echo $exp_path; } else { readfile($exp_path); @unlink($exp_path); } exit; } } include("head.inc"); ?>
Remote Access Server
Host Name Resolution

Quote Server CN
Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.
Certificate Export Options
Use Microsoft Certificate Storage instead of local files.
Use a password to protect the pkcs12 file contents or key in Viscosity bundle.
Use HTTP Proxy
Use HTTP proxy to communicate with the server.

Management Interface
OpenVPNManager
This will change the generated .ovpn configuration to allow for usage of the management interface. And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users. This is also usefull for Windows7/Vista systems where elevated permissions are needed to add routes to the system.
 
Additional configuration options

;
Client Install Packages