print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
print CONF "script-security 3 system\n";
print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
+ print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
print CONF "tls-server\n";
print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
print CONF "client-to-client\n";
}
- if ($sovpnsettings{MSSFIX} eq 'on') {
- print CONF "mssfix\n";
- }
- if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
- print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
+ if ($sovpnsettings{'DPROTOCOL'} eq 'udp') {
+ if ($sovpnsettings{MSSFIX} eq 'on') {
+ print CONF "mssfix\n";
+ }
+ if ($sovpnsettings{'FRAGMENT'} eq '' || $sovpnsettings{'FRAGMENT'} eq 0) {
+ $sovpnsettings{'FRAGMENT'} = '1300';
+ }
+ print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
}
if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
}
}
if ($cgiparams{'MSSFIX'} ne 'on') {
- delete $vpnsettings{'MSSFIX'};
+ $vpnsettings{'MSSFIX'} = 'off';
} else {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
if ($cgiparams{'MAX_CLIENTS'} eq '') {
$cgiparams{'MAX_CLIENTS'} = '100';
}
-
if ($cgiparams{'KEEPALIVE_1'} eq '') {
$cgiparams{'KEEPALIVE_1'} = '10';
}
$cgiparams{'KEEPALIVE_2'} = '60';
}
if ($cgiparams{'LOG_VERB'} eq '') {
- $cgiparams{'LOG_VERB'} = '3';
+ $cgiparams{'LOG_VERB'} = '3';
+ }
+ if ($cgiparams{'MSSFIX'} eq '') {
+ $cgiparams{'MSSFIX'} = 'on';
+ }
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ $cgiparams{'FRAGMENT'} = '1300';
}
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
# Sign the certificate request and move it
# Sign the host certificate request
- system('/usr/bin/openssl', 'ca', '-days', '999999',
+ system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', $filename,
'-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
}
# Sign the host certificate request
- system('/usr/bin/openssl', 'ca', '-days', '999999',
+ system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
'-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
;
my $id = 0;
my $gif;
- foreach my $key (keys %confighash) {
+ foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {