[2/2] ovpn: Add ta.key check to main settings

Message ID 20190918050334.10792-2-ummeegge@ipfire.org
State Accepted
Commit b21a6319cd89534a7ba45bd327d297d4ee76a90d
Headers
Series [1/2] ovpn: Generate ta.key before dh-parameter |

Commit Message

ummeegge Sept. 18, 2019, 5:03 a.m. UTC
  Since Core 132 the 'TLS Channel Protection' is part of the global settings,
the ta.key generation check should also be in the main section otherwise it
won´t be created if not present.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
  

Comments

ummeegge Sept. 19, 2019, 2:37 p.m. UTC | #1
Sorry for sending in this patches so late but i thought it makes sense
to solve some open bugs in this topic.

Should i send it in again after Core 136 release ?

Best,

Erik

On Mi, 2019-09-18 at 07:03 +0200, Erik Kapfer wrote:
> Since Core 132 the 'TLS Channel Protection' is part of the global
> settings,
> the ta.key generation check should also be in the main section
> otherwise it
> won´t be created if not present.
> 
> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
> ---
>  html/cgi-bin/ovpnmain.cgi | 22 +++++++++++-----------
>  1 file changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 5de80b269..5b8ca9731 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -898,17 +898,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-
> options'}) {
>          $errormessage = $Lang::tr{'invalid input for keepalive
> 1:2'};
>          goto ADV_ERROR;	
>      }
> -    # Create ta.key for tls-auth if not presant
> -    if ($cgiparams{'TLSAUTH'} eq 'on') {
> -	if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
> -		system('/usr/sbin/openvpn', '--genkey', '--secret',
> "${General::swroot}/ovpn/certs/ta.key");
> -		if ($?) {
> -		$errormessage = "$Lang::tr{'openssl produced an
> error'}: $?";
> -        goto ADV_ERROR;
> -		}
> -	}
> -    }
> -    
>      &General::writehash("${General::swroot}/ovpn/settings",
> \%vpnsettings);
>      &writeserverconf();#hier ok
>  }
> @@ -1189,6 +1178,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}
> && $cgiparams{'TYPE'} eq '' && $cg
>  	goto SETTINGS_ERROR;
>      }
>  
> +	# Create ta.key for tls-auth if not presant
> +	if ($cgiparams{'TLSAUTH'} eq 'on') {
> +		if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
> +			system('/usr/sbin/openvpn', '--genkey', '
> --secret', "${General::swroot}/ovpn/certs/ta.key");
> +			if ($?) {
> +				$errormessage = "$Lang::tr{'openssl
> produced an error'}: $?";
> +				goto SETTINGS_ERROR;
> +			}
> +		}
> +	}
> +
>      $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
>      $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
>      $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
  

Patch

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 5de80b269..5b8ca9731 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -898,17 +898,6 @@  if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
         $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
         goto ADV_ERROR;	
     }
-    # Create ta.key for tls-auth if not presant
-    if ($cgiparams{'TLSAUTH'} eq 'on') {
-	if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
-		system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
-		if ($?) {
-		$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
-        goto ADV_ERROR;
-		}
-	}
-    }
-    
     &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &writeserverconf();#hier ok
 }
@@ -1189,6 +1178,17 @@  if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	goto SETTINGS_ERROR;
     }
 
+	# Create ta.key for tls-auth if not presant
+	if ($cgiparams{'TLSAUTH'} eq 'on') {
+		if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+			system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+			if ($?) {
+				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+				goto SETTINGS_ERROR;
+			}
+		}
+	}
+
     $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
     $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
     $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};