/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 97d5b59b

Added by Jim Pingle over 11 years ago

ID 97d5b59b41d6e598b81ad8e4117d0de1e1ec14fa
Parent 204bec28
Child 85bdf997

Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default)

     	return $ciphers;
+    }
     function openvpn_get_digestlist() {
     	$digests = array();
     	$digest_out = shell_exec('/usr/local/sbin/openvpn --show-digests | /usr/bin/grep "digest size" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
     	$digest_lines = explode("\n", trim($digest_out));
     	sort($digest_lines);
     	foreach ($digest_lines as $line) {
     		$words = explode(' ', $line);
     		$digests[$words[0]] = "{$words[0]} {$words[1]}";
+    	}
     	$digests["none"] = gettext("None (No Authentication)");
     	return $digests;
+    }
     function openvpn_get_engines() {
     	$openssl_engines = array('none' => 'No Hardware Crypto Acceleration');
     	exec("/usr/local/bin/openssl engine -t -c", $openssl_engine_output);
-...
     			$proto = "{$proto}-{$mode}";
     	$dev_mode = $settings['dev_mode'];
     	$cipher = $settings['crypto'];
     	// OpenVPN defaults to SHA1, so use it when unset to maintain compatibility.
     	$digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1";
     	$interface = get_failover_interface($settings['interface']);
     	$ipaddr = $settings['ipaddr'];
-...
     	$conf .= "persist-key\n";
     	$conf .= "proto {$proto}\n";
     	$conf .= "cipher {$cipher}\n";
     	$conf .= "auth {$digest}\n";
     	$conf .= "up /usr/local/sbin/ovpn-linkup\n";
     	$conf .= "down /usr/local/sbin/ovpn-linkdown\n";
     	if (file_exists("/usr/local/sbin/openvpn.attributes.sh")) {

     	$pconfig['autotls_enable'] = "yes";
     	$pconfig['interface'] = "wan";
     	$pconfig['server_port'] = 1194;
     	// OpenVPN Defaults to SHA1
     	$pconfig['digest'] = "SHA1";
+    }
     if($_GET['act']=="edit"){
-...
     		} else
     			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
     		$pconfig['crypto'] = $a_client[$id]['crypto'];
     		// OpenVPN Defaults to SHA1 if unset
     		$pconfig['digest'] = !empty($a_client[$id]['digest']) ? $a_client[$id]['digest'] : "SHA1";
     		$pconfig['engine'] = $a_client[$id]['engine'];
     		$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
-...
                 $client['shared_key'] = base64_encode($pconfig['shared_key']);
+            }
     		$client['crypto'] = $pconfig['crypto'];
     		$client['digest'] = $pconfig['digest'];
     		$client['engine'] = $pconfig['engine'];
     		$client['tunnel_network'] = $pconfig['tunnel_network'];
-...
     							</select>
     						</td>
     					</tr>
     					<tr>
     						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
     						<td width="78%" class="vtable">
     							<select name="digest" class="formselect">
     								<?php
     									$digestlist = openvpn_get_digestlist();
     									foreach ($digestlist as $name => $desc):
     									$selected = '';
     									if ($name == $pconfig['digest'])
     										$selected = ' selected';
     								?>
     								<option value="<?=$name;?>"<?=$selected?>>
     									<?=htmlspecialchars($desc);?>
     								</option>
     								<?php endforeach; ?>
     							</select>
     						</td>
     					</tr>
     					<tr id="engine">
     						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
     						<td width="78%" class="vtable">

     	$pconfig['local_port'] = openvpn_port_next('UDP');
     	$pconfig['pool_enable'] = "yes";
     	$pconfig['cert_depth'] = 1;
     	// OpenVPN Defaults to SHA1
     	$pconfig['digest'] = "SHA1";
+    }
     if($_GET['act']=="edit"){
-...
     		} else
     			$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
     		$pconfig['crypto'] = $a_server[$id]['crypto'];
     		// OpenVPN Defaults to SHA1 if unset
     		$pconfig['digest'] = !empty($a_server[$id]['digest']) ? $a_server[$id]['digest'] : "SHA1";
     		$pconfig['engine'] = $a_server[$id]['engine'];
     		$pconfig['tunnel_network'] = $a_server[$id]['tunnel_network'];
-...
     			$server['shared_key'] = base64_encode($pconfig['shared_key']);
+    		}
     		$server['crypto'] = $pconfig['crypto'];
     		$server['digest'] = $pconfig['digest'];
     		$server['engine'] = $pconfig['engine'];
     		$server['tunnel_network'] = $pconfig['tunnel_network'];
-...
     							</select>
     						</td>
     					</tr>
     					<tr>
     						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
     						<td width="78%" class="vtable">
     							<select name="digest" class="formselect">
     								<?php
     									$digestlist = openvpn_get_digestlist();
     									foreach ($digestlist as $name => $desc):
     									$selected = '';
     									if ($name == $pconfig['digest'])
     										$selected = ' selected';
     								?>
     								<option value="<?=$name;?>"<?=$selected?>>
     									<?=htmlspecialchars($desc);?>
     								</option>
     								<?php endforeach; ?>
     							</select>
     						</td>
     					</tr>
     					<tr id="engine">
     						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
     						<td width="78%" class="vtable">

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 97d5b59b

Added by Jim Pingle over 11 years ago