author | Ermal Luçi <eri@pfsense.org> | 2010-03-03 00:56:49 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-03-03 00:56:49 +0000 |
commit | e62e2f8b28b9ecd2d22d991cf9f05d16f0f19ec2 (patch) | |
tree | a0e8399041ba68b20793fce37f22d74bb8557903 /etc/inc/openvpn.inc | |
parent | 7c52ac0572bceaf6893a9883a2f68d7af80db951 (diff) | |
Add tls-auth to server even when authenticating in user/pass mode.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index c5145a3..213932d 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -353,6 +353,7 @@ function openvpn_reconfigure($mode,& $settings) {
 switch($settings['mode']) {
 case 'p2p_tls':
 case 'server_tls':
+ case 'server_user':
 case 'server_tls_user':
 $conf .= "tls-server\n";
 break;
@@ -487,6 +488,7 @@ function openvpn_reconfigure($mode,& $settings) {
 case 'p2p_tls':
 case 'server_tls':
 case 'server_tls_user':
+ case 'server_user':
 $ca = lookup_ca($settings['caref']);
 openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca");
 $cert = lookup_cert($settings['certref']);
@@ -497,24 +499,13 @@ function openvpn_reconfigure($mode,& $settings) {
 if ($settings['crl'])
 openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
 if ($settings['tls']) {
- if ($settings['mode'] == "server_tls" || $settings['mode'] == "server_tls_user")
+ if (stristr($settings['mode'], "server"))
 $tlsopt = 0;
 else
 $tlsopt = 1;
 openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $tlsopt);
 }
 break;
- case 'server_user':
- $ca = lookup_ca($settings['caref']);
- openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca");
- $cert = lookup_cert($settings['certref']);
- openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
- openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
- if ($mode == 'server')
- $conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
- if ($settings['crl'])
- openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
- break;
 }
 if ($settings['compression']) |
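Review bot: Folding `server_user` into the shared case in the second hunk means a `$settings['tls']` value on a user/pass server is now written out as `tls-auth`, where the removed `server_user` branch never read it. If an existing configuration carries a stored key that was never handed to its clients (not visible from here), those clients would presumably fail the handshake after the upgrade, so the change deserves an upgrade note. A comment above the case list would also help the next reader, for example `/* every TLS-capable mode shares the CA/cert/key/dh/crl and optional tls-auth handling below */`. The switch and the body of openvpn_reconfigure() continue outside the hunk.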
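Review bot: The new test `stristr($settings['mode'], "server")` in the third hunk chooses the tls-auth key direction from a case-insensitive substring match, so any mode whose name merely contains "server" gets direction 0. A direction that does not mirror the peer's makes the tls-auth HMAC check reject every packet, so the choice is better tied to the known modes: `if (in_array($settings['mode'], array('server_tls', 'server_user', 'server_tls_user'), true))`. That keeps `p2p_tls` on direction 1 as before and makes a future mode an explicit decision rather than a side effect of its name. The enclosing switch starts outside this hunk.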