Project

General

Profile

Actions

Bug #12677

closed

OpenVPN form validation issues

Added by Jim Pingle over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Very High
Assignee:
Category:
OpenVPN
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.x
Affected Architecture:

Description

There are a few issues with how we currently handle the data cipher list in OpenVPN client and server pages, including:

  • When an OpenVPN server or client instance is set to shared key mode, the data cipher list is not validated even though it is included in the OpenVPN configuration
  • The data cipher list should not be included in the configuration for shared key mode, it should be using cipher alone similar to when NCP is disabled (though OpenVPN automatically disables cipher negotiation since it's not in client/server mode)
  • The data cipher list should always be validated and stored in the configuration since someone may temporarily decide to change modes or toggle NCP and it shouldn't lose their cipher list/ordering preferences
  • The GUI does not note on the data cipher and fallback fields that they are treated differently in shared key mode
  • The client and server list views do not accurately reflect the ciphers being used in shared key mode, it should not include the contents of the data ciphers list in shared key mode or when NCP is diabled

Most of these are cosmetic and harmless, but the validation issue could potentially be used to include unintended directives in the configuration by someone with access to the client and server pages.

Actions

Also available in: Atom PDF