-rw-r--r--etc/inc/config.inc14
-rw-r--r--etc/inc/openvpn.inc13
-rw-r--r--usr/local/www/vpn_openvpn_server.php5
3 files changed, 25 insertions, 7 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 006af13..edff9e0 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1747,6 +1747,7 @@ endif;
}
/* modify configuration values */
+ unset($server['dh_params']);
if (!$server['interface'])
$server['interface'] = 'wan';
$server['tunnel_network'] = $server['addresspool'];
@@ -1886,8 +1887,17 @@ endif;
unset($config['installedpackages']['openvpncsc']);
}
- $config['installedpackages'] = array();
- $config['installedpackages']['carp'] = array();
+ /*
+ * FIXME: hack to keep things working with no installedpackages
+ * or carp array in the configuration data.
+ */
+ if (!is_array($config['installedpackages']))
+ $config['installedpackages'] = array();
+ if (!is_array($config['installedpackages']['carp']))
+ $config['installedpackages']['carp'] = array();
+
+ /* reconfigure openvpn services */
+ openvpn_resync_all();
$config['version'] = "5.2";
}
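Review bot: Calling `openvpn_resync_all()` from inside the config upgrade step makes the migration depend on a service reconfiguration that runs before `$config['version'] = "5.2";` is set. With the openvpn.inc change in this commit, the first call also generates DH parameters synchronously, so an upgrade may block for a long time or leave the conversion half-done if the resync fails. Consider finishing the conversion first and triggering the resync afterwards. Separately, `is_array($config['installedpackages']['carp'])` reads an index that may not exist, so an `isset()` check would be safer there. The upgrade function starts and ends outside this hunk, so its surrounding control flow is not visible here.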
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index efea035..1225f40 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -342,8 +342,11 @@ EOD;
openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
- if ($mode == 'server')
- openvpn_add_keyfile($settings['dh_params'], $conf, $mode_id, "dh");
+ if ($mode == 'server') {
+ $path_ovdh = $g['varetc_path']."/openvpn/dh-parameters";
+ $conf .= "dh {$path_ovdh}\n";
+ }
+
if ($settings['crl'])
openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
if ($settings['tls'])
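Review bot: The `dh` directive is written to the server config without checking that `{$g['varetc_path']}/openvpn/dh-parameters` exists and is non-empty. If generation in `openvpn_resync_all()` failed or has not yet run, the config will reference a missing or truncated file. A guard such as `if (!is_readable($path_ovdh) || !filesize($path_ovdh))` with a logged error would make that failure visible. The path literal is also repeated in the `openvpn_resync_all()` hunk of this file; a single helper or constant would keep the two in step. The enclosing function begins outside the hunk, so confirm that `$g` is declared `global` there.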
@@ -465,6 +468,12 @@ function openvpn_resync_all() {
chown($path_ovpn, 'nobody');
chgrp($path_ovpn, 'nobody');
+ $path_ovdh = $g['varetc_path']."/openvpn/dh-parameters";
+ if (!file_exists($path_ovdh)) {
+ echo "Setting up OpenVPN environment ...\n";
+ exec("/usr/bin/openssl dhparam -out {$path_ovdh} 1024");
+ }
+
$path_csc = $g['varetc_path']."/openvpn_csc";
safe_mkdir($path_csc);
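Review bot: The generated group is only 1024 bits (`openssl dhparam -out {$path_ovdh} 1024`), which is below current guidance for finite-field Diffie-Hellman. 2048 is the usual minimum, at the cost of a slower first-run generation on small hardware. The `exec()` result is never checked and openssl writes straight to the final path, so a failed or interrupted run can leave an empty or partial file that `file_exists()` accepts on every later call. Generate into a temporary file, check the exit status, and rename into place; quoting the path with `escapeshellarg()` is cheap hygiene even though it comes from `$g`. `openvpn_resync_all()` continues outside the hunk.

```php
$path_ovdh = $g['varetc_path']."/openvpn/dh-parameters";
if (!file_exists($path_ovdh)) {
	echo "Setting up OpenVPN environment ...\n";
	$path_ovdh_tmp = "{$path_ovdh}.tmp";
	$dh_out = array();
	$dh_rc = 1;
	exec("/usr/bin/openssl dhparam -out " . escapeshellarg($path_ovdh_tmp) . " 2048", $dh_out, $dh_rc);
	if ($dh_rc == 0 && file_exists($path_ovdh_tmp) && filesize($path_ovdh_tmp) > 0) {
		/* rename is atomic on the same filesystem, so readers never see a partial file */
		rename($path_ovdh_tmp, $path_ovdh);
	} else {
		if (file_exists($path_ovdh_tmp))
			unlink($path_ovdh_tmp);
		echo "Failed to generate OpenVPN DH parameters (openssl exit {$dh_rc})\n";
	}
}
// … unchanged: openvpn_csc directory setup …
```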
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 0de0cef..e2b2b84 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -205,10 +205,9 @@ if ($_POST) {
$server = array();
- if (isset($id) && $a_server[$id]) {
- $server['dh_params'] = $a_server[$id]['dh_params'];
+ if (isset($id) && $a_server[$id])
$server['vpnid'] = $a_server[$id]['vpnid'];
- } else
+ else
$server['vpnid'] = openvpn_vpnid_next();
$server['disable'] = $pconfig['disable'];