]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae04d0a)
ovpn: Add ta.key check to main settings
authorErik Kapfer <ummeegge@ipfire.org>
Wed, 18 Sep 2019 05:03:34 +0000 (07:03 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Tue, 8 Oct 2019 18:04:52 +0000 (18:04 +0000)
Since Core 132 the 'TLS Channel Protection' is part of the global settings,
the ta.key generation check should also be in the main section otherwise it
won´t be created if not present.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
html/cgi-bin/ovpnmain.cgi patch | blob | blame | history

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 5de80b269b4c462cadca006dee09d54c59aeb748..5b8ca9731381def5f3af42a041dd7d7870fa6e6e 100644 (file)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -898,17 +898,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
         $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
         goto ADV_ERROR;        
     }
-    # Create ta.key for tls-auth if not presant
-    if ($cgiparams{'TLSAUTH'} eq 'on') {
-       if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
-               system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
-               if ($?) {
-               $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
-        goto ADV_ERROR;
-               }
-       }
-    }
-    
     &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &writeserverconf();#hier ok
 }
@@ -1189,6 +1178,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
        goto SETTINGS_ERROR;
     }
 
+       # Create ta.key for tls-auth if not presant
+       if ($cgiparams{'TLSAUTH'} eq 'on') {
+               if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+                       system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+                       if ($?) {
+                               $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+                               goto SETTINGS_ERROR;
+                       }
+               }
+       }
+
     $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
     $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
     $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
IPFire 2.x development tree