$server) {
if (isset($server['disable']))
continue;
$ras_user = array();
$ras_certs = array();
if (stripos($server['mode'], "server") === false)
continue;
if (($server['mode'] == "server_tls_user") && ($server['authmode'] == "Local Database")) {
foreach($a_user as $uindex => $user) {
if (!is_array($user['cert']))
continue;
foreach($user['cert'] as $cindex => $cert) {
// If $cert is not an array, it's a certref not a cert.
if (!is_array($cert))
$cert = lookup_cert($cert);
if ($cert['caref'] != $server['caref'])
continue;
$ras_userent = array();
$ras_userent['uindex'] = $uindex;
$ras_userent['cindex'] = $cindex;
$ras_userent['name'] = $user['name'];
$ras_userent['certname'] = $cert['descr'];
$ras_user[] = $ras_userent;
}
}
} elseif (($server['mode'] == "server_tls") || (($server['mode'] == "server_tls_user") && ($server['authmode'] != "Local Database"))) {
foreach($a_cert as $cindex => $cert) {
if ($cert['caref'] != $server['caref'])
continue;
$ras_cert_entry['cindex'] = $cindex;
$ras_cert_entry['certname'] = $cert['descr'];
$ras_cert_entry['certref'] = $cert['refid'];
$ras_certs[] = $ras_cert_entry;
}
}
$ras_serverent = array();
$prot = $server['protocol'];
$port = $server['local_port'];
if ($server['description'])
$name = "{$server['description']} {$prot}:{$port}";
else
$name = "Server {$prot}:{$port}";
$ras_serverent['index'] = $sindex;
$ras_serverent['name'] = $name;
$ras_serverent['users'] = $ras_user;
$ras_serverent['certs'] = $ras_certs;
$ras_serverent['mode'] = $server['mode'];
$ras_server[] = $ras_serverent;
}
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
if (isset($_POST['act']))
$act = $_POST['act'];
if (!empty($act)) {
$srvid = $_GET['srvid'];
$usrid = $_GET['usrid'];
$crtid = $_GET['crtid'];
if ($srvid === false) {
pfSenseHeader("vpn_openvpn_export.php");
exit;
} else if (($config['openvpn']['openvpn-server'][$srvid]['mode'] != "server_user") &&
(($usrid === false) || ($crtid === false))) {
pfSenseHeader("vpn_openvpn_export.php");
exit;
}
if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user")
$nokeys = true;
else
$nokeys = false;
if (empty($_GET['useaddr'])) {
$input_errors[] = "You need to specify an IP or hostname.";
} else
$useaddr = $_GET['useaddr'];
$advancedoptions = $_GET['advancedoptions'];
$openvpnmanager = $_GET['openvpnmanager'];
$quoteservercn = $_GET['quoteservercn'];
$usetoken = $_GET['usetoken'];
if ($usetoken && ($act == "confinline"))
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom")))
$input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
$password = "";
if ($_GET['password'])
$password = $_GET['password'];
$proxy = "";
if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
$proxy = array();
if (empty($_GET['proxy_addr'])) {
$input_errors[] = "You need to specify an address for the proxy port.";
} else
$proxy['ip'] = $_GET['proxy_addr'];
if (empty($_GET['proxy_port'])) {
$input_errors[] = "You need to specify a port for the proxy ip.";
} else
$proxy['port'] = $_GET['proxy_port'];
$proxy['proxy_authtype'] = $_GET['proxy_authtype'];
if ($_GET['proxy_authtype'] != "none") {
if (empty($_GET['proxy_user'])) {
$input_errors[] = "You need to specify a username with the proxy config.";
} else
$proxy['user'] = $_GET['proxy_user'];
if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
$input_errors[] = "You need to specify a password with the proxy user.";
} else
$proxy['password'] = $_GET['proxy_password'];
}
}
$exp_name = openvpn_client_export_prefix($srvid, $usrid);
if(substr($act, 0, 4) == "conf") {
switch ($act) {
case "confzip":
$exp_name = urlencode($exp_name."-config.zip");
$expformat = "zip";
break;
case "conf_yealink_t28":
$exp_name = urlencode("client.tar");
$expformat = "yealink_t28";
break;
case "conf_yealink_t38g":
$exp_name = urlencode("client.tar");
$expformat = "yealink_t38g";
break;
case "conf_yealink_t38g2":
$exp_name = urlencode("client.tar");
$expformat = "yealink_t38g2";
break;
case "conf_snom":
$exp_name = urlencode("vpnclient.tar");
$expformat = "snom";
break;
case "confinline":
$exp_name = urlencode($exp_name."-config.ovpn");
$expformat = "inline";
break;
default:
$exp_name = urlencode($exp_name."-config.ovpn");
$expformat = "baseconf";
}
$exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
}
if($act == "visc") {
$exp_name = urlencode($exp_name."-Viscosity.visc.zip");
$exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
}
if(substr($act, 0, 4) == "inst") {
$exp_name = urlencode($exp_name."-install.exe");
$exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
}
if (!$exp_path) {
$input_errors[] = "Failed to export config files!";
}
if (empty($input_errors)) {
if (($act == "conf") || ($act == "confinline")) {
$exp_size = strlen($exp_path);
} else {
$exp_size = filesize($exp_path);
}
header('Pragma: ');
header('Cache-Control: ');
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
if (($act == "conf") || ($act == "confinline")) {
echo $exp_path;
} else {
readfile($exp_path);
@unlink($exp_path);
}
exit;
}
}
include("head.inc");
?>
Remote Access Server
Host Name Resolution
Enter the hostname or IP address the client will use to connect to this server.
Quote Server CN
Enclose the server CN in quotes. Can help if your server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.
Certificate Export Options
Use Microsoft Certificate Storage instead of local files.
Use a password to protect the pkcs12 file contents or key in Viscosity bundle.
Password :
Confirm :
Use HTTP Proxy
Use HTTP proxy to communicate with the server.
IP Address :
Port :
Choose HTTP proxy authentication if any.
Username :
Password :
Confirm :
Management Interface OpenVPNManager
This will change the generated .ovpn configuration to allow for usage of the management interface.
And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users.
This is also usefull for Windows7/Vista systems where elevated permissions are needed to add routes to the system.
Additional configuration options
=gettext("Enter any additional options you would like to add to the OpenVPN client export configuration here, separated by a line break or semicolon"); ?>
=gettext("EXAMPLE: remote-random"); ?>;
Client Install Packages
=gettext("User");?>
=gettext("Certificate Name");?>
=gettext("Export");?>
= gettext("NOTE:") ?>
= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?>