[2/2] ovpn: Add ta.key check to main settings
Commit Message
Since Core 132 the 'TLS Channel Protection' is part of the global settings,
the ta.key generation check should also be in the main section, otherwise it
won't be created if not present.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
Comments
Sorry for sending in these patches so late, but I thought it makes sense
to solve some open bugs in this topic.
Should I send it in again after Core 136 release?
Best,
Erik
On Mi, 2019-09-18 at 07:03 +0200, Erik Kapfer wrote:
> Since Core 132 the 'TLS Channel Protection' is part of the global
> settings,
> the ta.key generation check should also be in the main section,
> otherwise it
> won't be created if not present.
>
> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
> ---
> html/cgi-bin/ovpnmain.cgi | 22 +++++++++++-----------
> 1 file changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 5de80b269..5b8ca9731 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -898,17 +898,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-
> options'}) {
> $errormessage = $Lang::tr{'invalid input for keepalive
> 1:2'};
> goto ADV_ERROR;
> }
> - # Create ta.key for tls-auth if not presant
> - if ($cgiparams{'TLSAUTH'} eq 'on') {
> - if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
> - system('/usr/sbin/openvpn', '--genkey', '--secret',
> "${General::swroot}/ovpn/certs/ta.key");
> - if ($?) {
> - $errormessage = "$Lang::tr{'openssl produced an
> error'}: $?";
> - goto ADV_ERROR;
> - }
> - }
> - }
> -
> &General::writehash("${General::swroot}/ovpn/settings",
> \%vpnsettings);
> &writeserverconf();#hier ok
> }
> @@ -1189,6 +1178,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}
> && $cgiparams{'TYPE'} eq '' && $cg
> goto SETTINGS_ERROR;
> }
>
> + # Create ta.key for tls-auth if not presant
> + if ($cgiparams{'TLSAUTH'} eq 'on') {
> + if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
> + system('/usr/sbin/openvpn', '--genkey', '
> --secret', "${General::swroot}/ovpn/certs/ta.key");
> + if ($?) {
> + $errormessage = "$Lang::tr{'openssl
> produced an error'}: $?";
> + goto SETTINGS_ERROR;
> + }
> + }
> + }
> +
> $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
> $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
> $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
@@ -898,17 +898,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
goto ADV_ERROR;
}
- # Create ta.key for tls-auth if not presant
- if ($cgiparams{'TLSAUTH'} eq 'on') {
- if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
- if ($?) {
- $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
- goto ADV_ERROR;
- }
- }
- }
-
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
}
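Review bot: After the removal above `&General::writehash(...)`, the save-adv-options path still ends in `&writeserverconf()` but no longer makes sure ta.key exists. If the server configuration is written with a tls-auth directive based on the stored TLSAUTH setting, saving advanced options on a system where ta.key is missing (for example after a restore) would produce a config pointing at a key file that is not there. Consider moving the generation into a small helper called from both save paths, or state in the commit message why this path can never be reached with TLSAUTH on and no key.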
@@ -1189,6 +1178,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
goto SETTINGS_ERROR;
}
+ # Create ta.key for tls-auth if not presant
+ if ($cgiparams{'TLSAUTH'} eq 'on') {
+ if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ goto SETTINGS_ERROR;
+ }
+ }
+ }
+
$vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
$vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
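Review bot: The error branch `if ($?)` in the added block shows the raw wait status under the 'openssl produced an error' string, although the command that ran is /usr/sbin/openvpn; the exit code is `$? >> 8`, and a failure to start the binary gives -1, so the message can mislead whoever debugs it. I would report the decoded exit code under an openvpn-specific string. Two smaller points in the same block: `! -e` treats an empty or truncated ta.key left by a failed run as present, so `-s` plus an unlink on failure would be safer, and the comment should read "present" rather than "presant". Since ta.key is a shared secret, it is also worth checking that the file ends up readable only by the intended user, as nothing here sets a umask or mode.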