authorMatthew Grooms <mgrooms@pfsense.org>2008-08-29 22:55:26 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-08-29 22:55:26 +0000
commit34bc1324207b22a0e42906f52319bf92c0b9841f (patch)
tree217b06d016c209bc0ce7de09b10229e67a3115eb /etc
parentd9699f965f584ce186fb4e5e6505365c7d24c056 (diff)
Store the OpenVPN system DH parameters contents in the config.xml file so
it is not generated each time on embedded systems. Problem reported by Scott.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/openvpn.inc35
1 files changed, 29 insertions, 6 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index add1d51..7990648 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -52,6 +52,18 @@ $openvpn_auth_methods = array(
'pki' => "Public Key Infrastructure",
'shared_key' => "Pre Shared Key");
+function openvpn_create_dhparams() {
+
+ $fp = popen("/usr/bin/openssl dhparam 1024", "r");
+ if (!$fp)
+ return false;
+
+ $rslt = stream_get_contents($fp);
+ pclose($fp);
+
+ return $rslt;
+}
+
function openvpn_vpnid_used($vpnid) {
global $config;
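Review bot: The group size is hard-coded to 1024 bits in `popen("/usr/bin/openssl dhparam 1024", "r")`, which is below what is generally recommended for Diffie-Hellman key exchange. Since the commit caches the result in the configuration, a larger size such as `openssl dhparam 2048` would presumably be paid for only once per install, and the size is better held in a named constant than in the command string. The function also returns whatever openssl printed without validating it, so a failed run yields an empty string rather than `false`; a check such as `if (strpos($rslt, 'BEGIN DH PARAMETERS') === false) return false;` before the final return would make the failure visible to callers. A one-line comment stating that the return value is PEM text or `false` would document that contract.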
@@ -505,24 +517,35 @@ function openvpn_resync($mode, & $settings) {
function openvpn_resync_all() {
global $g, $config;
+ if (!is_array($config['openvpn']))
+ $config['openvpn'] = array();
+
$path_ovpn = $g['varetc_path']."/openvpn";
safe_mkdir($path_ovpn);
chown($path_ovpn, 'nobody');
chgrp($path_ovpn, 'nobody');
- $path_ovdh = $g['varetc_path']."/openvpn/dh-parameters";
- if (!file_exists($path_ovdh)) {
- echo "Setting up OpenVPN environment ...\n";
- exec("/usr/bin/openssl dhparam -out {$path_ovdh} 1024");
- }
-
$path_csc = $g['varetc_path']."/openvpn_csc";
safe_mkdir($path_csc);
chown($path_csc, 'nobody');
chgrp($path_csc, 'nobody');
+ if (!$config['openvpn']['dh-parameters']) {
+ echo "Configuring OpenVPN Parameters ...\n";
+ $dh_parameters = openvpn_create_dhparams();
+ $dh_parameters = base64_encode($dh_parameters);
+ $config['openvpn']['dh-parameters'] = $dh_parameters;
+ }
+
+ $path_ovdh = $g['varetc_path']."/openvpn/dh-parameters";
+ if (!file_exists($path_ovdh)) {
+ $dh_parameters = $config['openvpn']['dh-parameters'];
+ $dh_parameters = base64_decode($dh_parameters);
+ file_put_contents($path_ovdh, $dh_parameters);
+ }
+
if (is_array($config['openvpn']['openvpn-server']))
foreach ($config['openvpn']['openvpn-server'] as & $settings)
openvpn_resync('server', $settings);
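Review bot: The result of `openvpn_create_dhparams()` is not checked before it is encoded and stored, so a `false` or empty return becomes `base64_encode(false)`, an empty string. The second block then writes an empty `dh-parameters` file, which the `file_exists($path_ovdh)` test will not replace on later runs. Test the value first, for example `if (!$dh_parameters) return;` placed before the `base64_encode()` line (or skip only the file write), and check the return of `file_put_contents()` as well. No `write_config()` call is visible in this hunk; unless the caller or the rest of `openvpn_resync_all()`, which continues outside the hunk, persists `$config`, the new value would not reach config.xml and the parameters would be regenerated anyway.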