Fixes#11904
Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
OpenVPN delivered an error message but IPSec did crashed within the first attempt.
This problem persists also after X509 deletion and new generation.
index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Update script for OpenVPNs CRL cause OpenVPN refactors the CRL handling since v.2.4.0 .
Script checks the next update field from the CRL and executes an update before it expires.
Script is placed under fcron.daily for daily checks.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Added extended key usage based on RFC3280 TLS rules for OpenVPNs OpenSSL configuration,
so '--remote-cert-tls' can be used instead of the old and deprecated '--ns-cert-type'
if the host certificate are newely generated with this options.
Nevertheless both directives (old and new) will work also with old CAs.
- Automatic detection if the host certificate uses the new options.
If it does, '--remote-cert-tls server' will be automatically set into the client
configuration files for Net-to-Net and Roadwarriors connections.
If it does NOT, the old '--ns-cert-type server' directive will be set in the client
configuration file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added HMAC algorithm selection menu for N2N and RW.
Added cipher selection menu for N2N connections.
Added DH key selection also for existing installations incl. DH key upload possibility.
Adjusted the ovpn main WUI design to IPSec WUI.
Extend key lenght for CA, cert and control channel with faktor 2.
Some code and typo cleanup.
Bugfixes for #10317, #10149, #10462, #10463
V.2 New changes:
Integrated changes in langs and ovpnmain.cgi until 20.03.2014 2.15-Beta3.
ovpn.cnf have now default bits of 2048 instead of 1024.
ovpn.cnf default_md works now with sha256 instead of md5.
Bugfix: By new installation the auth directive for RWs is faded out #10462 Comment 15.
Added error message if the crl should be displayed but no crl is present.
v.3 New changes #10462 Comment 20:
Updated to core version 77.
Deleted manual name award in DH key upload section, name will be given automatically now.
Added sha512WithRSAEncryption instead of sha1WithRSAEncryption for "Root Certificate".
Added tls-auth support for Roadwarriors.
Added crypto engine support for N2N and Roadwarriors.
These are the defaults as in the CGI script, but when you don't
set up the roadwarrior server, the configuration file remains
empty and the openvpnctrl binary will end itself because it cannot
read a proper configuration.
Former versions of openvpn called the script where the arguments
in the certificate's common name where separated by /.
Now, those are separated by ", " (comma, space).
The current shell implementation is not strict with the certificate
common names and does not check all the requirements for the
connection to be accepted.
OpenVPN zurueck auf den Stand des alten gebracht. Wir bevorzugen die stabile Loesung.
ISDN4K-Utils kompiliert - Noch kein rootfile vorhanden.
Ibod aktualisiert.
Snort-Initscript setzt die Berechtigung der PID auf 644.
libxslt hinzugefuegt - Benoetigt vom mISDN-Script.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@623 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
