authorMatthew Grooms <mgrooms@pfsense.org>2008-09-09 20:32:56 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-09-09 20:32:56 +0000
commitfe787fc76100da46ad49756b471affecc625e20d (patch)
tree2e799a913aab598302cdb02930c7b04c4026eed9 /etc/inc/openvpn.inc
parent15b414e6b469c9e5bec9e70760cff9f779158431 (diff)
downloadpfsense-fe787fc76100da46ad49756b471affecc625e20d.zip
pfsense-fe787fc76100da46ad49756b471affecc625e20d.tar.gz
Modify the OpenVPN server configuration to allow the DH parameter length
to be specified. Upgraded 1.2.x configurations will default to 1024 bits.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r--etc/inc/openvpn.inc5
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 70ecac4..543f1ee 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -62,6 +62,9 @@ $openvpn_prots = array("UDP", "TCP");
* -mgrooms
*/
+$openvpn_dh_lengths = array(
+ 1024, 2048, 4096 );
+
$openvpn_server_modes = array(
'p2p_tls' => "Peer to Peer ( SSL/TLS )",
'p2p_shared_key' => "Peer to Peer ( Shared Key )",
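Review bot: The new `$openvpn_dh_lengths` list offers 1024-bit DH parameters, and the commit message says upgraded 1.2.x configurations will default to that size, whereas the line removed in the second hunk always used `dh-parameters.2048`. An upgrade would therefore silently weaken the key exchange of an existing server, and 1024-bit groups are no longer regarded as adequate. Consider making 2048 the upgrade default and keeping 1024 only as an explicit opt-in. A comment above the array would also help, for example `/* DH sizes selectable per server; each presumably needs a matching dh-parameters.<bits> file under etc_path */`.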
@@ -446,7 +449,7 @@ function openvpn_reconfigure($mode,& $settings) {
openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
if ($mode == 'server')
- $conf .= "dh {$g['etc_path']}/dh-parameters.2048\n";
+ $conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
if ($settings['crl'])
openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
if ($settings['tls'])
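Review bot: `$settings['dh_length']` is interpolated into the generated `dh` line with no check in this hunk, so an unset value produces the path `dh-parameters.` and a value containing a newline would append extra directives to the server config. The value may be validated in the GUI page or the upgrade code, neither of which is visible here, but an allow-list check at the point of use is cheap and keeps the config writer safe on its own. For example, with `global $openvpn_dh_lengths;` in scope, use `$dh_length = in_array((int)$settings['dh_length'], $openvpn_dh_lengths, true) ? (int)$settings['dh_length'] : 2048;` and interpolate `$dh_length` instead. The body of openvpn_reconfigure starts and ends outside this hunk.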