diff options
author | jim-p <jimp@pfsense.org> | 2011-01-20 17:18:07 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-01-20 17:19:34 -0500 |
commit | 582c58ae1ea2fd56a18a31ba011f28921b38d8b6 (patch) | |
tree | 32c85712d0e5f9039af420579073c1a481964441 /etc/inc/openvpn.inc | |
parent | 1801c22373d998409261841cbff03a0a1f7e7077 (diff) | |
download | pfsense-582c58ae1ea2fd56a18a31ba011f28921b38d8b6.zip pfsense-582c58ae1ea2fd56a18a31ba011f28921b38d8b6.tar.gz |
Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index fe8a4f5..ce1e9fd 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -172,6 +172,23 @@ function openvpn_get_cipherlist() { return $ciphers; } +function openvpn_get_engines() { + $openssl_engines = array('none' => 'No Hardware Crypto Acceleration'); + exec("/usr/bin/openssl engine", $openssl_engine_output); + foreach ($openssl_engine_output as $oeo) { + $linematch = array(); + preg_match("/\((.*)\)\s(.*)/", $oeo, $linematch); + if ($linematch[1] != "dynamic") + $openssl_engines[$linematch[1]] = $linematch[2]; + } + return $openssl_engines; +} + +function openvpn_validate_engine($engine) { + $engines = openvpn_get_engines(); + return array_key_exists($engine, $engines); +} + function openvpn_validate_host($value, $name) { $value = trim($value); if (empty($value) || (!is_domain($value) && !is_ipaddr($value))) @@ -343,6 +360,9 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "local {$iface_ip}\n"; } + if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) + $conf .= "engine {$settings['engine']}\n"; + // server specific settings if ($mode == 'server') { |