From patchwork Thu Feb 15 15:43:49 2018
X-Patchwork-Submitter: Erik Kapfer
X-Patchwork-Id: 1668
From: Erik Kapfer
To: development@lists.ipfire.org
Subject: [PATCH] OpenVPN: Added needed directive for v2.4 update
Date: Thu, 15 Feb 2018 05:43:49 +0100
Message-Id: <1518669829-22328-1-git-send-email-erik.kapfer@ipfire.org>

script-security: The support for the 'system' flag has been removed due to security implications with shell expansions when executing scripts via system() call. For more information: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage .

ncp-disable: Negotiable crypto parameters have been disabled for the first.

Signed-off-by: Erik Kapfer
---
html/cgi-bin/ovpnmain.cgi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 0a18ec7..a7daf89 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -216,7 +216,7 @@ sub writeserverconf { print CONF "dev tun\n"; print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; - print CONF "script-security 3 system\n"; + print CONF "script-security 3\n"; print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n"; print CONF "client-config-dir /var/ipfire/ovpn/ccd\n"; print CONF "tls-server\n"; 
@@ -289,6 +289,7 @@ sub writeserverconf { } print CONF "status-version 1\n"; print CONF "status /var/run/ovpnserver.log 30\n"; + print CONF "ncp-disable\n"; print CONF "cipher $sovpnsettings{DCIPHER}\n"; if ($sovpnsettings{'DAUTH'} eq '') { print CONF "";
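
Review bot: in the first hunk (writeserverconf, @@ -216,7) the replacement line still writes "script-security 3", the level that additionally allows passwords to be passed to scripts through environment variables. If no script called from this server configuration needs that, "script-security 2" would be the tighter value; if one does, the commit message should name it. With the 'system' flag gone, scripts are no longer started via system(), so it is also worth confirming that none of the configured hooks relied on shell expansion.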
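
Review bot: in the second hunk (writeserverconf, @@ -289,6) "ncp-disable" is written unconditionally, and the commit message gives no reason for it beyond "for the first". Please state why negotiation is switched off and under what condition it will be re-enabled, either in the commit message or in a comment above the print. With negotiation off, every client has to match the single "cipher $sovpnsettings{DCIPHER}" line that follows, and because the option is only understood by OpenVPN 2.4, this change has to ship together with the package update or the generated server configuration will not parse.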