Sorry for sending in this patches so late but i thought it makes sense to solve some open bugs in this topic.
Should i send it in again after Core 136 release ?
Best,
Erik
On Mi, 2019-09-18 at 07:03 +0200, Erik Kapfer wrote:
Since Core 132 the 'TLS Channel Protection' is part of the global settings, the ta.key generation check should also be in the main section otherwise it won´t be created if not present.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org
html/cgi-bin/ovpnmain.cgi | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 5de80b269..5b8ca9731 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -898,17 +898,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv- options'}) { $errormessage = $Lang::tr{'invalid input for keepalive 1:2'}; goto ADV_ERROR; }
- # Create ta.key for tls-auth if not presant
- if ($cgiparams{'TLSAUTH'} eq 'on') {
- if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
system('/usr/sbin/openvpn', '--genkey', '--secret',"${General::swroot}/ovpn/certs/ta.key");
if ($?) {$errormessage = "$Lang::tr{'openssl produced anerror'}: $?";
goto ADV_ERROR;}- }
- }
- &General::writehash("${General::swroot}/ovpn/settings",
%vpnsettings); &writeserverconf();#hier ok } @@ -1189,6 +1178,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; }
- # Create ta.key for tls-auth if not presant
- if ($cgiparams{'TLSAUTH'} eq 'on') {
if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
if ($?) {$errormessage = "$Lang::tr{'opensslproduced an error'}: $?";
goto SETTINGS_ERROR;}}- }
- $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};