diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
index 6633ca04a..c4b731341 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
@@ -203,7 +203,12 @@ class ExportController extends ApiControllerBase
 */
 public function accountsAction($vpnid)
 {
- $result = array();
+ $result = [
+ null => [
+ "description" => gettext("(none) Exclude certificate from export"),
+ "users" => []
+ ]
+ ];
 $server = $this->findServer($vpnid);
 if ($server !== null) {
 // collect certificates for this server's ca
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
index e9395b796..f3caf67ec 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
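Review bot: The `null` key in the new `$result` initialiser is silently cast to the empty string by PHP, so the entry the API returns is keyed `""`; writing `"" => [` states that directly instead of relying on the implicit cast. Because the entry is created before `findServer()` is consulted, it is also returned when `$vpnid` matches no server, where the old `array()` presumably left the result empty. If that is not intended, add the entry inside the `if ($server !== null) {` branch. The body of `accountsAction` continues outside the hunk.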
@@ -75,16 +75,18 @@ class ArchiveOpenVPN extends PlainOpenVPN
 mkdir($content_dir, 0700, true);
 if (empty($this->config['cryptoapi'])) {
- // export keypair
- $p12 = $this->export_pkcs12(
- $this->config['client_crt'],
- $this->config['client_prv'],
- !empty($this->config['p12_password']) ? $this->config['p12_password'] : null,
- !empty($this->config['server_ca_chain']) ? $this->config['server_ca_chain'] : null
- );
+ if (!empty($this->config['client_crt'])) {
+ // export keypair
+ $p12 = $this->export_pkcs12(
+ $this->config['client_crt'],
+ $this->config['client_prv'],
+ !empty($this->config['p12_password']) ? $this->config['p12_password'] : null,
+ !empty($this->config['server_ca_chain']) ? $this->config['server_ca_chain'] : null
+ );

- file_put_contents("{$content_dir}/{$base_filename}.p12", $p12);
- $conf[] = "pkcs12 {$base_filename}.p12";
+ file_put_contents("{$content_dir}/{$base_filename}.p12", $p12);
+ $conf[] = "pkcs12 {$base_filename}.p12";
+ }
 } else {
 // use internal Windows store, only flush ca (when available)
 if (!empty($this->config['server_ca_chain'])) {
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
index 6393a9eb2..c64267453 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
@@ -180,7 +180,8 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider
 }
 $conf[] = "";
 }
- if ($this->config['mode'] !== "server_user" && empty($this->config['cryptoapi'])) {
+
+ if (!empty($this->config['client_crt']) && empty($this->config['cryptoapi'])) {
 $conf[] = "";
 $conf = array_merge($conf, explode("\n", trim($this->config['client_crt'])));
 $conf[] = "";
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php
index b20a9e366..0d1960d52 100644
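Review bot: When no client certificate is selected, the non-cryptoapi branch now writes nothing at all, and that includes the server CA chain, which this exporter only ships inside the PKCS#12 bundle (fourth argument of `export_pkcs12`). Unless code outside this hunk adds a `ca` directive, the exported profile then carries no trust anchor for verifying the server. The cryptoapi branch below appears to write the CA on its own, and the certificate-less case should do the same, as sketched here (the `.crt` file name is a placeholder). The `ViscosityVisz` hunk has the identical gap, and in `TheGreenBow` the `certificate[1]` CA assignment was moved inside the same `client_crt` guard. The enclosing method starts and ends outside the hunk.

```php
if (!empty($this->config['client_crt'])) {
    // … unchanged: PKCS#12 export of the keypair and the "pkcs12" directive …
} elseif (!empty($this->config['server_ca_chain'])) {
    // no client certificate selected: still ship the CA so the client can verify the server
    $cafilename = "{$base_filename}.crt"; // placeholder file name
    file_put_contents(
        "{$content_dir}/{$cafilename}",
        implode("\n", $this->config['server_ca_chain'])
    );
    $conf[] = "ca {$cafilename}";
}
```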
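Review bot: With the `mode !== "server_user"` test gone from the PlainOpenVPN condition, the inline certificate block is driven only by whether `client_crt` is set, so a `server_user` export will now embed the certificate (and presumably the private key written further down, outside this hunk) whenever the request carries one. If that is intended, a comment such as `// certificate is optional in every mode; emitted only when one was selected` would record the decision. If it is not, keep both tests: `if ($this->config['mode'] !== "server_user" && !empty($this->config['client_crt']) && empty($this->config['cryptoapi'])) {`. The enclosing method starts and ends outside the hunk.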
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php
@@ -170,15 +170,17 @@ class TheGreenBow extends BaseExporter implements IExportProvider
 }
 // client certificate
- $output->cfg_ssl->cfg_sslconnection->authentication->certificate[0]->public_key =
- "\n" . $this->config['client_crt'];
- $output->cfg_ssl->cfg_sslconnection->authentication->certificate[0]->private_key =
- "\n" . $this->config['client_prv'];
- // server CA-chain
- $output->cfg_ssl->cfg_sslconnection->authentication->certificate[1]->public_key = "\n" . implode(
- "\n",
- $this->config['server_ca_chain']
- );
+ if (!empty($this->config['client_crt'])) {
+ $output->cfg_ssl->cfg_sslconnection->authentication->certificate[0]->public_key =
+ "\n" . $this->config['client_crt'];
+ $output->cfg_ssl->cfg_sslconnection->authentication->certificate[0]->private_key =
+ "\n" . $this->config['client_prv'];
+ // server CA-chain
+ $output->cfg_ssl->cfg_sslconnection->authentication->certificate[1]->public_key = "\n" . implode(
+ "\n",
+ $this->config['server_ca_chain']
+ );
+ }
 // export to DOM to reformat+pretty-print output
 $dom = new \DOMDocument("1.0");
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
index e0da12d70..9407e4b60 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
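Review bot: `implode("\n", $this->config['server_ca_chain'])` is still called without checking that the chain is set, although the archive exporters in this commit treat `server_ca_chain` as optional (`!empty(...) ? ... : null`). On PHP 8 a missing or non-array chain would likely raise a TypeError here instead of producing an export. Give the CA assignment its own test, `if (!empty($this->config['server_ca_chain'])) {`, rather than tying it to `client_crt`. The same goes for `client_prv`, which is written whenever `client_crt` is non-empty. The enclosing method starts and ends outside the hunk.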
@@ -109,16 +109,18 @@ class ViscosityVisz extends PlainOpenVPN
 mkdir($content_dir, 0700, true);
 if (empty($this->config['cryptoapi'])) {
- // export keypair
- $p12 = $this->export_pkcs12(
- $this->config['client_crt'],
- $this->config['client_prv'],
- !empty($this->config['p12_password']) ? $this->config['p12_password'] : null,
- !empty($this->config['server_ca_chain']) ? $this->config['server_ca_chain'] : null
- );
+ if (!empty($this->config['client_crt'])) {
+ // export keypair
+ $p12 = $this->export_pkcs12(
+ $this->config['client_crt'],
+ $this->config['client_prv'],
+ !empty($this->config['p12_password']) ? $this->config['p12_password'] : null,
+ !empty($this->config['server_ca_chain']) ? $this->config['server_ca_chain'] : null
+ );

- file_put_contents("{$content_dir}/pkcs.p12", $p12);
- $conf[] = "pkcs12 pkcs.p12";
+ file_put_contents("{$content_dir}/pkcs.p12", $p12);
+ $conf[] = "pkcs12 pkcs.p12";
+ }
 } else {
 // use internal Windows store, only flush ca (when available)
 if (!empty($this->config['server_ca_chain'])) {