diff options
| author | Matthew Grooms <mgrooms@pfsense.org> | 2008-09-09 20:01:35 +0000 |
|---|---|---|
| committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-09-09 20:01:35 +0000 |
| commit | 15b414e6b469c9e5bec9e70760cff9f779158431 (patch) | |
| tree | b049ee9049c8e86c0f3e7f132d87c5d44f5d88bf /etc/inc/openvpn.inc | |
| parent | 2ff19bfd402a7bf89bcd7c025cc6c62c7a7cacfe (diff) | |
| download | pfsense-15b414e6b469c9e5bec9e70760cff9f779158431.zip pfsense-15b414e6b469c9e5bec9e70760cff9f779158431.tar.gz | |
Comment out the code that creates a dh-parameters file at boot time and
add three new static parameters files to the /etc directory. In the near
term OpenVPN configurations will use the 2048 bit file.
Diffstat (limited to 'etc/inc/openvpn.inc')
| -rw-r--r-- | etc/inc/openvpn.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index ee2461b..70ecac4 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -446,7 +446,7 @@ function openvpn_reconfigure($mode,& $settings) { openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert"); openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key"); if ($mode == 'server') - $conf .= "dh {$g['varetc_path']}/openvpn/dh-parameters\n"; + $conf .= "dh {$g['etc_path']}/dh-parameters.2048\n"; if ($settings['crl']) openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify"); if ($settings['tls']) @@ -604,6 +604,7 @@ function openvpn_resync_all() { if (!is_array($config['openvpn'])) $config['openvpn'] = array(); +/* if (!$config['openvpn']['dh-parameters']) { echo "Configuring OpenVPN Parameters ...\n"; $dh_parameters = openvpn_create_dhparams(1024); @@ -618,6 +619,7 @@ function openvpn_resync_all() { $dh_parameters = base64_decode($dh_parameters); file_put_contents($path_ovdh, $dh_parameters); } +*/ if (is_array($config['openvpn']['openvpn-server'])) foreach ($config['openvpn']['openvpn-server'] as & $settings) |
