From: Erik Kapfer <erik.kapfer@ipfire.org>
Date: Thu, 15 Feb 2018 04:43:49 +0000 (+0100)
Subject: OpenVPN: Added needed directive for v2.4 update
X-Git-Tag: v2.19-core120~80^2
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=a4fd232541bf5002eb7e256727d2b10c89b6d1bf

OpenVPN: Added needed directive for v2.4 update

script-security: The support for the 'system' flag has been removed due to security implications
    with shell expansions when executing scripts via system() call.
    For more informations: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage .

ncp-disable: Negotiable crypto parameters has been disabled for the first.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 9f5e682bdc..424a5c9844 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -216,7 +216,7 @@ sub writeserverconf {
     print CONF "dev tun\n";
     print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
     print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
-    print CONF "script-security 3 system\n";
+    print CONF "script-security 3\n";
     print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
     print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
     print CONF "tls-server\n";
@@ -289,6 +289,7 @@ sub writeserverconf {
     }	
     print CONF "status-version 1\n";
     print CONF "status /var/run/ovpnserver.log 30\n";
+    print CONF "ncp-disable\n";
     print CONF "cipher $sovpnsettings{DCIPHER}\n";
     if ($sovpnsettings{'DAUTH'} eq '') {
         print CONF "";