vpnmain.cgi: Support more ciphers and integrity algorithms.
index 0c4502da6b5554eec6d88c33714f1b6818aff8a4..f91adf1f4a48a9702844d93befb0201944e1e96b 100644 (file)
@@ -334,6 +334,7 @@ sub writeserverconf {
     print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
     print CONF "script-security 3 system\n";
     print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
+    print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
     print CONF "tls-server\n";
     print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
     print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
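Review bot: The added `client-config-dir /var/ipfire/ovpn/ccd` line assumes the directory already exists, and nothing in this hunk creates it; OpenVPN checks that the directory named by this option is accessible when it parses the configuration, so a missing directory would most likely keep the server from starting. If the directory is not created elsewhere in the commit or by the installer, writeserverconf should create it before writing the line. Write access should be limited to the account that manages the VPN configuration, because files in it can assign addresses and routes per client. A short comment above the line, such as `# per-client overrides are read from ccd/<common name>`, would also help. writeserverconf starts and ends outside the hunk.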
@@ -355,11 +356,14 @@ sub writeserverconf {
     if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
        print CONF "client-to-client\n";
     }
-    if ($sovpnsettings{MSSFIX} eq 'on') {
-       print CONF "mssfix\n";
-    }
-    if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
-       print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
+    if ($sovpnsettings{'DPROTOCOL'} eq 'udp') {
+        if ($sovpnsettings{MSSFIX} eq 'on') {
+           print CONF "mssfix\n";
+        }
+        if ($sovpnsettings{'FRAGMENT'} eq '' || $sovpnsettings{'FRAGMENT'} eq 0) {
+               $sovpnsettings{'FRAGMENT'} = '1300';
+        }
+        print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
     }
     if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {  
        print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
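Review bot: `fragment` is now written for every UDP server with a value interpolated straight from `$sovpnsettings{'FRAGMENT'}`, and the new code checks only for an empty string or 0. Nothing visible here confirms the value is a plain integer, so stray whitespace or a newline would put extra directives into a server configuration that also carries `script-security 3 system`. Unless the save handler already validates it, I would guard the write with `if ($sovpnsettings{'FRAGMENT'} =~ /\A[0-9]+\z/)`. Replacing the empty/0 case with 1300 also means an administrator can no longer run UDP without fragmentation, and clients whose configuration lacks a matching `fragment` line will probably fail to connect. The 1300 default is repeated in the ADV_ERROR hunk and would be better as one named constant; writeserverconf starts and ends outside the hunk.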
@@ -528,7 +532,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
        }
     }
     if ($cgiparams{'MSSFIX'} ne 'on') {
-       delete $vpnsettings{'MSSFIX'};
+       $vpnsettings{'MSSFIX'} = 'off';
     } else {
        $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
     }
@@ -1893,7 +1897,6 @@ ADV_ERROR:
     if ($cgiparams{'MAX_CLIENTS'} eq '') {
        $cgiparams{'MAX_CLIENTS'} =  '100';     
     }
-    
     if ($cgiparams{'KEEPALIVE_1'} eq '') {
        $cgiparams{'KEEPALIVE_1'} =  '10';     
     }
@@ -1901,7 +1904,13 @@ ADV_ERROR:
        $cgiparams{'KEEPALIVE_2'} =  '60';     
     }
     if ($cgiparams{'LOG_VERB'} eq '') {
-       $cgiparams{'LOG_VERB'} =  '3';     
+       $cgiparams{'LOG_VERB'} =  '3';
+    }
+    if ($cgiparams{'MSSFIX'} eq '') {
+        $cgiparams{'MSSFIX'} = 'on';
+    }
+    if ($cgiparams{'FRAGMENT'} eq '') {
+        $cgiparams{'FRAGMENT'} = '1300';
     }
     $checked{'CLIENT2CLIENT'}{'off'} = '';
     $checked{'CLIENT2CLIENT'}{'on'} = '';
@@ -2910,7 +2919,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
            # Sign the certificate request and move it
            # Sign the host certificate request
-           system('/usr/bin/openssl', 'ca', '-days', '999999',
+           system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
                '-batch', '-notext',
                '-in', $filename,
                '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
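Review bot: `$cgiparams{'DAYS_VALID'}` goes from the request straight into `openssl ca -days`, here and in the second signing call in the next hunk, with no validation visible in either. The list form of system() keeps the value away from a shell, but an empty or non-numeric value will make signing fail or give an unintended lifetime. With no upper bound, the old 999999-day validity can still be requested. I would check it once before both calls with an anchored pattern such as `$cgiparams{'DAYS_VALID'} =~ /\A[1-9][0-9]{0,4}\z/` (the exact limit is a policy choice) and return a form error otherwise; the surrounding quotes in `"$cgiparams{'DAYS_VALID'}"` are not needed. The enclosing block starts and ends outside the hunk.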
@@ -3089,7 +3098,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
            }
        
            # Sign the host certificate request
-           system('/usr/bin/openssl', 'ca', '-days', '999999',
+           system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
                '-batch', '-notext',
                '-in',  "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
                '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
@@ -3873,7 +3882,7 @@ END
        ;
         my $id = 0;
         my $gif;
-        foreach my $key (keys %confighash) {
+        foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
        if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
 
        if ($id % 2) {