Hi,
this looks good. I will merge this soon.
How do we convert existing configuration files?
-Michael
On Thu, 2018-02-15 at 05:43 +0100, Erik Kapfer wrote:
script-security: The support for the 'system' flag has been removed due to security implications with shell expansions when executing scripts via system() call. For more informations: https://community.openvpn.net/openvpn/wiki/Openvpn2 4ManPage .
ncp-disable: Negotiable crypto parameters has been disabled for the first.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org
html/cgi-bin/ovpnmain.cgi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 0a18ec7..a7daf89 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -216,7 +216,7 @@ sub writeserverconf { print CONF "dev tun\n"; print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
- print CONF "script-security 3 system\n";
- print CONF "script-security 3\n"; print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db
3600\n"; print CONF "client-config-dir /var/ipfire/ovpn/ccd\n"; print CONF "tls-server\n"; @@ -289,6 +289,7 @@ sub writeserverconf { } print CONF "status-version 1\n"; print CONF "status /var/run/ovpnserver.log 30\n";
- print CONF "ncp-disable\n"; print CONF "cipher $sovpnsettings{DCIPHER}\n"; if ($sovpnsettings{'DAUTH'} eq '') { print CONF "";