Project

General

Profile

Actions
Copy link

Bug #9748

closed

openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024

Added by Viktor Gurov about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Jim Pingle
Category:
OpenVPN
Target version:
2.4.5
Start date:
09/12/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4-p3
Affected Architecture:

Description

If you select DH Parameters Length above 8192, i.e. 15360 or 16384, it creates server instance with DH length 1024
And you can't select DH length above 8192 in server configuration

Files

Screenshot from 2019-09-12 13-16-28.png (12.4 KB) Screenshot from 2019-09-12 13-16-28.png VPN / OpenVPN / Servers page Viktor Gurov, 09/12/2019 05:22 AM
Actions
Copy link
 #1

Updated by Viktor Gurov about 5 years ago

It shows correct number in config.xml:
<dh_length>16384</dh_length>

And on VPN / OpenVPN / Servers page

but it show 1024 on server edit page

and do not create server.conf and server.tls-auth files in /var/etc/openvpn/
only server.ca, server.cert, server.key

Actions
Copy link
 #2

Updated by Jim Pingle about 5 years ago

  • Assignee set to Jim Pingle
  • Target version set to 2.5.0
Actions
Copy link
 #3

Updated by Jim Pingle about 5 years ago

  • Status changed from New to Confirmed
  • Priority changed from Normal to Low
  • Target version deleted (2.5.0)

Looking deeper at the code, this is expected, but might be possible to improve.

The options are missing from the OpenVPN server because the files for those DH parameters do not exist on the filesystem, they must be created by the user since we don't ship stock DH parameters of that size, though the code supports using them.

The options are there in the wizard because they are hardcoded in the wizard XML file.

If the admin creates the files for those size DH parameters (e.g. /usr/bin/openssl dhparam -out /etc/dh-parameters.15360 15360) then they will appear in the server and can be used.

I'll see if the wizard list can be populated dynamically instead of hardcoded.

Actions
Copy link
 #4

Updated by Jim Pingle about 5 years ago

  • Target version set to 2.5.0
Actions
Copy link
 #5

Updated by Jim Pingle about 5 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #6

Updated by Viktor Gurov about 5 years ago

Jim Pingle wrote:

Applied in changeset 52f686a97f77cfd00ddb69088bef7164676d4117.

checked, it's OK now

Resolved

Actions
Copy link
 #7

Updated by Jim Pingle about 5 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link
 #8

Updated by Jim Pingle about 5 years ago

  • Target version changed from 2.5.0 to 2.4.5
Actions
Copy link
 #9

Updated by Jim Pingle almost 5 years ago

  • Status changed from Resolved to Feedback

Needs checked and/or tested again on 2.4.5 snapshots

Actions
Copy link
 #10

Updated by Viktor Gurov almost 5 years ago

Jim Pingle wrote:

Needs checked and/or tested again on 2.4.5 snapshots

tested on 2.4.5.a.20191205.1442_3

ok, Resolved

Actions
Copy link
 #11

Updated by Jim Pingle almost 5 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF