authorMatthew Grooms <mgrooms@pfsense.org>2008-09-09 20:32:56 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-09-09 20:32:56 +0000
commitfe787fc76100da46ad49756b471affecc625e20d (patch)
tree2e799a913aab598302cdb02930c7b04c4026eed9 /usr
parent15b414e6b469c9e5bec9e70760cff9f779158431 (diff)
Modify the OpenVPN server configuration to allow the DH parameter length
to be specified. Upgraded 1.2.x configurations will default to 1024 bits.
Diffstat (limited to 'usr')
-rw-r--r--usr/local/www/vpn_openvpn_server.php31
1 files changed, 27 insertions, 4 deletions
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 60cefce..d5c5810 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -69,6 +69,7 @@ if($_GET['act']=="new"){
$pconfig['autokey_enable'] = "yes";
$pconfig['tlsauth_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
+ $pconfig['dh_length'] = 1024;
$pconfig['interface'] = "wan";
$pconfig['local_port'] = openvpn_port_next('UDP');
$pconfig['pool_enable'] = "yes";
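Review bot: The new-server default `$pconfig['dh_length'] = 1024;` makes the smallest commonly used DH group the out-of-the-box choice, and 1024-bit groups are generally considered too small to protect long-lived VPN traffic. The commit message only needs 1024 for upgraded 1.2.x configurations, so a freshly created server could default higher, for example `$pconfig['dh_length'] = 2048;`, assuming that value is in `$openvpn_dh_lengths` (the list is defined outside this diff). A short comment on the line saying why this default was chosen would also help. The enclosing `if($_GET['act']=="new")` block starts and ends outside the hunk.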
@@ -86,12 +87,13 @@ if($_GET['act']=="edit"){
$pconfig['description'] = $a_server[$id]['description'];
if ($pconfig['mode'] != "p2p_shared_key") {
- $pconfig['caref'] = $a_server[$id]['caref'];
- $pconfig['certref'] = $a_server[$id]['certref'];
if ($a_server[$id]['tls']) {
$pconfig['tlsauth_enable'] = "yes";
$pconfig['tls'] = base64_decode($a_server[$id]['tls']);
}
+ $pconfig['caref'] = $a_server[$id]['caref'];
+ $pconfig['certref'] = $a_server[$id]['certref'];
+ $pconfig['dh_length'] = $a_server[$id]['dh_length'];
} else
$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
$pconfig['crypto'] = $a_server[$id]['crypto'];
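Review bot: The added line `$pconfig['dh_length'] = $a_server[$id]['dh_length'];` copies the stored value with no fallback, so a server entry saved before this change has no `dh_length` key and the edit form receives an empty value. The commit message says upgraded configurations default to 1024 bits, but nothing in this file applies that default; the diffstat is limited to `usr`, so the migration may exist elsewhere. If it does not, no `<option>` is marked selected, the browser submits the first list entry, and the next save silently changes the DH length. A local guard closes that gap: `$pconfig['dh_length'] = isset($a_server[$id]['dh_length']) ? $a_server[$id]['dh_length'] : 1024;`.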
@@ -255,13 +257,14 @@ if ($_POST) {
$server['description'] = $pconfig['description'];
if ($tls_mode) {
- $server['caref'] = $pconfig['caref'];
- $server['certref'] = $pconfig['certref'];
if ($pconfig['tlsauth_enable']) {
if ($pconfig['autotls_enable'])
$pconfig['tls'] = openvpn_create_key();
$server['tls'] = base64_encode($pconfig['tls']);
}
+ $server['caref'] = $pconfig['caref'];
+ $server['certref'] = $pconfig['certref'];
+ $server['dh_length'] = $pconfig['dh_length'];
} else {
if ($pconfig['autokey_enable'])
$pconfig['shared_key'] = openvpn_create_key();
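Review bot: `$server['dh_length'] = $pconfig['dh_length'];` writes the posted value into the saved configuration without checking it against the list the form offers, and none of the hunks in this file add such a check. The `<select>` constrains only what a browser sends, so any string can reach the config and whatever later consumes it, presumably the code that selects or generates the DH parameter file (not visible here). Validate before building `$server` and reject the request when `in_array($pconfig['dh_length'], $openvpn_dh_lengths)` is false. The existing validation in the `if ($_POST)` block sits outside this hunk, so confirm it does not already cover the field.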
@@ -343,12 +346,14 @@ function mode_change() {
document.getElementById("tls").style.display="";
document.getElementById("tls_ca").style.display="";
document.getElementById("tls_cert").style.display="";
+ document.getElementById("tls_dh").style.display="";
document.getElementById("psk").style.display="none";
break;
case "p2p_shared_key":
document.getElementById("tls").style.display="none";
document.getElementById("tls_ca").style.display="none";
document.getElementById("tls_cert").style.display="none";
+ document.getElementById("tls_dh").style.display="none";
document.getElementById("psk").style.display="";
break;
}
@@ -644,6 +649,24 @@ function netbios_change() {
</select>
</td>
</tr>
+ <tr id="tls_dh">
+ <td width="22%" valign="top" class="vncellreq">DH Parameters Length</td>
+ <td width="78%" class="vtable">
+ <select name="dh_length" class="formselect">
+ <?php
+ foreach ($openvpn_dh_lengths as $length):
+ $selected = '';
+ if ($length == $pconfig['dh_length'])
+ $selected = ' selected';
+ ?>
+ <option<?=$selected?>><?=$length;?></option>
+ <?php endforeach; ?>
+ </select>
+ <span class="vexpl">
+ bits
+ </span>
+ </td>
+ </tr>
<tr id="psk">
<td width="22%" valign="top" class="vncellreq">Shared Key</td>
<td width="78%" class="vtable">