Finite_field_DH-parameter: Add ffdhe 4096 bit standard group as published in RFC7919
- Deleted Diffie-Hellman generation during PKI creation in ovpnmain.cgi (saves immense time).
- Deleted Diffie-Hellman upload and generation section in ovpnmain.cgi.
- Set static Diffie-Hellman parameter since custom ones are possibly abusable --> https://datatracker.ietf.org/doc/html/rfc7919.
- Standard Diffie-Hellman group will be added from -->
https://wiki.openssl.org/index.php/Diffie-Hellman_parameters#RFC_7919_Groups (static const char g_ffdhe4096_sz)
and integrated into the system during compilation of OpenSSL.
- New Diffie-Hellman location for OpenVPN is /etc/ssl/ffdhe4096.pem.
Update OpenVPN configurations converter code for install.sh:
# Roadwarrior server: stop it if running, switch the dh path, start it again.
if pgrep -a openvpn | grep server.conf >/dev/null; then
    /usr/local/bin/openvpnctrl -k
    sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
    /usr/local/bin/openvpnctrl -s
else
    if [ -f /var/ipfire/ovpn/server.conf ]; then
        sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
    fi
fi
# Net-to-net connections: same procedure for every n2n config.
if pgrep -a openvpn | grep n2nconf >/dev/null; then
    /usr/local/bin/openvpnctrl -kn2n
    sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
    /usr/local/bin/openvpnctrl -sn2n
else
    # A quoted glob is never expanded inside [ -f ], so test each match instead.
    for conf in /var/ipfire/ovpn/n2nconf/*/*.conf; do
        if [ -f "$conf" ]; then
            sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' "$conf"
        fi
    done
fi
# Remove the old parameter file, at the path the configs referenced.
rm -f /var/ipfire/ovpn/ca/dh1024.pem
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
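
A post-migration check for the converter step above, as an added example that is not part of the original commit or of IPFire: it scans every OpenVPN config under a directory and flags any `dh` directive that does not point at /etc/ssl/ffdhe4096.pem. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# DH parameter location after the migration (path taken from the commit message).
EXPECTED_DH=/etc/ssl/ffdhe4096.pem

# audit_dh_paths DIR (hypothetical helper)
# Prints one "STATUS file [value]" line per *.conf below DIR:
#   OK    - dh points at $EXPECTED_DH
#   NODH  - no active dh directive (commented-out lines are ignored)
#   STALE - dh still points at some other file
# Returns 1 if any STALE entry exists, 0 otherwise.
audit_dh_paths() {
    report=$(find "$1" -type f -name '*.conf' | sort | while IFS= read -r conf; do
        # First active "dh <value>" line; optional quotes around the path are stripped.
        value=$(awk '$1 == "dh" { gsub(/"/, "", $2); print $2; exit }' "$conf")
        case $value in
            "$EXPECTED_DH") echo "OK $conf" ;;
            "")             echo "NODH $conf" ;;
            *)              echo "STALE $conf $value" ;;
        esac
    done)
    [ -n "$report" ] && printf '%s\n' "$report"
    # Succeed only when no config references a different DH file.
    ! printf '%s\n' "$report" | grep -q '^STALE '
}

# Constructed sample tree mirroring the server.conf + n2nconf/<name>/<name>.conf layout.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/n2nconf/siteA" "$root/n2nconf/siteB"
    printf 'port 1194\ndh /etc/ssl/ffdhe4096.pem\n' > "$root/server.conf"
    printf 'dh /var/ipfire/ovpn/ca/dh1024.pem\n' > "$root/n2nconf/siteA/siteA.conf"
    printf '# dh /var/ipfire/ovpn/ca/dh1024.pem\nremote 192.0.2.1\n' \
        > "$root/n2nconf/siteB/siteB.conf"
    echo "$root"
}

sample=$(make_sample_tree)
audit_dh_paths "$sample" || echo "stale DH references remain"
rm -rf "$sample"
```

On a live system the argument would be /var/ipfire/ovpn, run after install.sh has finished.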