From 68ecf387e4ec820850eba2e1661b43faf7ce6ea1 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 6 Feb 2018 12:45:52 +0100 Subject: Explicitly tell openvpn3 that it should not use user certificates (closes #836) --- main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 4 ++++ main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index d5f07843..76bb502e 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -416,6 +416,10 @@ public class VpnProfile implements Serializable, Cloneable { case VpnProfile.TYPE_USERPASS: cfg += "auth-user-pass\n"; cfg += insertFileData("ca", mCaFilename); + if (configForOvpn3) { + // OpenVPN 3 needs to be told that a client certificate is not required + cfg += "client-cert-not-required\n"; + } } if (isUserPWAuth()) { diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 9889754d..abd60bcb 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -245,6 +245,7 @@ public class ConfigParser { // in most cases these won't work and user who wish to execute scripts will // figure out themselves final String[] ignoreOptions = {"tls-client", + "allow-recursive-routing", "askpass", "auth-nocache", "up", @@ -255,11 +256,11 @@ public class ConfigParser { "route-pre-down", "auth-user-pass-verify", "block-outside-dns", + "client-cert-not-required", "dhcp-release", "dhcp-renew", "dh", "group", - "allow-recursive-routing", "ip-win32", "ifconfig-nowarn", "management-hold", -- cgit v1.2.3