Bug #9748
closed
openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Added by Viktor Gurov about 5 years ago.
Updated almost 5 years ago.
Affected Version: 2.4.4-p3
Description
If you select a DH Parameters Length above 8192, i.e. 15360 or 16384, it creates a server instance with DH length 1024.
And you can't select a DH length above 8192 in the server configuration.
It shows correct number in config.xml:
<dh_length>16384</dh_length>
And on the VPN / OpenVPN / Servers page,
but it shows 1024 on the server edit page
and does not create the server.conf and server.tls-auth files in /var/etc/openvpn/,
only server.ca, server.cert, server.key
- Assignee set to Jim Pingle
- Target version set to 2.5.0
- Status changed from New to Confirmed
- Priority changed from Normal to Low
- Target version deleted (2.5.0)
Looking deeper at the code, this is expected, but might be possible to improve.
The options are missing from the OpenVPN server because the files for those DH parameters do not exist on the filesystem; they must be created by the user since we don't ship stock DH parameters of that size, though the code supports using them.
The options are there in the wizard because they are hardcoded in the wizard XML file.
If the admin creates the files for those size DH parameters (e.g. /usr/bin/openssl dhparam -out /etc/dh-parameters.15360 15360) then they will appear in the server and can be used.
I'll see if the wizard list can be populated dynamically instead of hardcoded.
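The comment above says the server page only offers DH lengths whose parameter file exists, while the wizard list was hardcoded. As an added example (not pfSense code and not part of this ticket), a shell check that lists the lengths with a parameter file and the offered lengths without one; the function names, the PEM-header usability test and the scratch directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not pfSense code. File naming follows the comment above:
# <dir>/dh-parameters.<bits>.

# Print the bit lengths that have a usable parameter file in directory $1.
# "Usable" is this example's assumption: non-empty and carrying a PEM DH header.
dh_available_lengths() {
    dir=$1
    for f in "$dir"/dh-parameters.*; do
        [ -f "$f" ] || continue                      # glob matched nothing
        bits=${f##*/dh-parameters.}
        case $bits in ''|*[!0-9]*) continue ;; esac  # ignore non-numeric suffixes
        [ -s "$f" ] && grep -q 'BEGIN DH PARAMETERS' "$f" && echo "$bits"
    done | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Print the offered lengths ($2...) that have no usable file in directory $1,
# i.e. choices a hardcoded list shows but the server cannot honour.
dh_missing_lengths() {
    dir=$1; shift
    have=" $(dh_available_lengths "$dir") "
    missing=
    for want in "$@"; do
        case $have in
            *" $want "*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed demo: a scratch directory stands in for /etc, and the files hold
# only a PEM header line, not real DH parameters.
demo=$(mktemp -d)
for n in 1024 2048 8192; do
    printf '%s\n' '-----BEGIN DH PARAMETERS-----' > "$demo/dh-parameters.$n"
done
: > "$demo/dh-parameters.15360"                      # empty placeholder file
echo "available: $(dh_available_lengths "$demo")"
echo "missing:   $(dh_missing_lengths "$demo" 1024 8192 15360 16384)"
rm -rf "$demo"
```

On a real system, pass /etc as the directory and the lengths the wizard offers as the remaining arguments.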
- Target version set to 2.5.0
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
- Target version changed from 2.5.0 to 2.4.5
- Status changed from Resolved to Feedback
Needs checked and/or tested again on 2.4.5 snapshots
Jim Pingle wrote:
Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok, Resolved
- Status changed from Feedback to Resolved