openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
If you select DH Parameters Length above 8192, i.e. 15360 or 16384, it creates server instance with DH length 1024
And you can't select DH length above 8192 in server configuration
#1 Updated by Viktor Gurov 7 months ago
It shows correct number in config.xml:
And on VPN / OpenVPN / Servers page
but it show 1024 on server edit page
and do not create server.conf and server.tls-auth files in /var/etc/openvpn/
only server.ca, server.cert, server.key
#3 Updated by Jim Pingle 7 months ago
- Status changed from New to Confirmed
- Priority changed from Normal to Low
- Target version deleted (
Looking deeper at the code, this is expected, but might be possible to improve.
The options are missing from the OpenVPN server because the files for those DH parameters do not exist on the filesystem, they must be created by the user since we don't ship stock DH parameters of that size, though the code supports using them.
The options are there in the wizard because they are hardcoded in the wizard XML file.
If the admin creates the files for those size DH parameters (e.g.
/usr/bin/openssl dhparam -out /etc/dh-parameters.15360 15360) then they will appear in the server and can be used.
I'll see if the wizard list can be populated dynamically instead of hardcoded.