OpenVPN: Add tls-version-min for TLSv1.2
[ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
index 23bbf40757b7f7b4e66958b46b943efcfb732934..e7bc505e744aaae5e6a07727c3d2f40d3fc0976f 100644 (file)
@@ -35,7 +35,7 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 require "${General::swroot}/countries.pl";
-require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/location-functions.pl";
 
 # enable only the following on debugging purpose
 #use warnings;
@@ -333,6 +333,8 @@ sub writeserverconf {
     print CONF "ncp-disable\n";
     print CONF "cipher $sovpnsettings{DCIPHER}\n";
        print CONF "auth $sovpnsettings{'DAUTH'}\n";
+    # Set TLSv2 as minimum
+    print CONF "tls-version-min 1.2\n";
 
     if ($sovpnsettings{'TLSAUTH'} eq 'on') {
        print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
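Review bot: The comment added in writeserverconf reads `# Set TLSv2 as minimum`, but the directive on the next line is `tls-version-min 1.2` and there is no TLSv2. It should read `# Set TLSv1.2 as minimum`, matching the comments in the two net-to-net hunks further down. It would also help to extend the comment to say that peers unable to negotiate TLS 1.2 will fail the handshake once this file is regenerated. The body of writeserverconf starts and ends outside the hunk.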
@@ -890,7 +892,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
        undef $vpnsettings{'ROUTES_PUSH'};
        &write_routepushfile;
     }
-    if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
+    if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
         $errormessage = $Lang::tr{'invalid input for max clients'};
         goto ADV_ERROR;
     }
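Review bot: The MAX_CLIENTS check still relies on numeric comparison alone, so a request value that merely starts with digits in range (trailing letters, a fraction, or an embedded line break) is compared by its numeric prefix and passes. With `use warnings` commented out at the top of the file, nothing is logged when that happens. Where the value is used afterwards is outside the hunk, but if it is written into the server configuration it should be a plain integer first: `if ($cgiparams{'MAX_CLIENTS'} !~ /^[0-9]+\z/ || $cgiparams{'MAX_CLIENTS'} < 1 || $cgiparams{'MAX_CLIENTS'} > 1024) {`. The surrounding save-adv-options block starts and ends outside the hunk.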
@@ -996,6 +998,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
     print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
   }
 
+  # Set TLSv1.2 as minimum
+  print SERVERCONF "tls-version-min 1.2\n";
+
   if ($cgiparams{'COMPLZO'} eq 'on') {
    print SERVERCONF "# Enable Compression\n";
    print SERVERCONF "comp-lzo\n";
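Review bot: The minimum TLS version is written as a string literal here, again in the CLIENTCONF hunk below and in writeserverconf, so a later change of the floor has to be made in three places. A single file-level value, e.g. `my $tls_version_min = "1.2";` used as `print SERVERCONF "tls-version-min $tls_version_min\n";`, would keep the server, net-to-net server and net-to-net client files in step. The line is also emitted only when a configuration is written, so net-to-net connections whose files already exist presumably keep running without the floor until they are saved again; the comment could say so. The enclosing block starts and ends outside the hunk.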
@@ -1098,6 +1103,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
     print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
   }
 
+  # Set TLSv1.2 as minimum
+  print CLIENTCONF "tls-version-min 1.2\n";
+
   if ($cgiparams{'COMPLZO'} eq 'on') {
    print CLIENTCONF "# Enable Compression\n";
    print CLIENTCONF "comp-lzo\n";
@@ -2995,7 +3003,7 @@ END
     &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
 
     # Libloc database handle.
-    my $libloc_db_handle = &GeoIP::init();
+    my $libloc_db_handle = &Location::Functions::init();
 
 #
 #      <td><b>$Lang::tr{'protocol'}</b></td>
@@ -3047,8 +3055,8 @@ END
                    $users[$uid]{'Proto'} = $proto;
 
                    # get country code for "RealAddress"...
-                   my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, (split ':', $users[$uid]{'RealAddress'})[0]);
-                   my $flag_icon = &GeoIP::get_flag_icon($ccode);
+                   my $ccode = &Location::Functions::lookup_country_code($libloc_db_handle, (split ':', $users[$uid]{'RealAddress'})[0]);
+                   my $flag_icon = &Location::Functions::get_flag_icon($ccode);
                    $users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
                    $uid++;
                }