Commit 11bd0171 authored by Ad Schellevis's avatar Ad Schellevis

(openvpn) add reneg-sec to server, closes https://github.com/opnsense/core/issues/1147

parent a36bb78d
......@@ -794,6 +794,10 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
}
}
if (isset($settings['reneg-sec']) && $settings['reneg-sec'] != "") {
$conf .= "reneg-sec ".$settings['reneg-sec'].";\n";
}
openvpn_add_custom($settings, $conf);
openvpn_create_dirs();
......
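Review bot: In openvpn_reconfigure the new `$conf .= "reneg-sec ".$settings['reneg-sec'].";\n";` writes the stored value into the generated OpenVPN configuration without checking it at the point of use, so the file's integrity rests entirely on whatever validated the setting earlier. The only check visible in this commit sits in the GUI POST handler; a value that reaches `$settings` some other way (presumably a restored or hand-edited configuration) would be emitted as-is, line breaks included. Casting at the write keeps the directive to a single integer argument: `$conf .= "reneg-sec " . (int)$settings['reneg-sec'] . "\n";`. The `;` before the newline also looks unintended, since it ends up attached to the number on the config line; worth confirming against how the other directives in this function are written. The function body starts and ends outside the hunk.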
......@@ -69,7 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
,wins_server2,no_tun_ipv6,push_register_dns,dns_domain
,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid";
,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,reneg-sec";
foreach (explode(",", $copy_fields) as $fieldname) {
$fieldname = trim($fieldname);
......@@ -116,7 +116,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
,wins_server2,no_tun_ipv6,push_register_dns,dns_domain
,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls";
,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec";
foreach (explode(",", $init_fields) as $fieldname) {
$fieldname = trim($fieldname);
if (!isset($pconfig[$fieldname])) {
......@@ -318,6 +318,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
}
}
if (!empty($pconfig['reneg-sec']) && (string)((int)$pconfig['reneg-sec']) != $pconfig['reneg-sec']) {
$input_errors[] = gettext("Renegotiate time should contain a valid number of seconds.");
}
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (count($input_errors) == 0) {
......@@ -337,11 +340,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,serverbridge_dhcp_end,dns_domain,dns_server1,dns_server2,dns_server3
,dns_server4,push_register_dns,ntp_server1,ntp_server2,netbios_enable
,netbios_ntype,netbios_scope,no_tun_ipv6,verbosity_level,wins_server1
,wins_server2,client_mgmt_port,strictusercn";
,wins_server2,client_mgmt_port,strictusercn,reneg-sec";
foreach (explode(",", $copy_fields) as $fieldname) {
$fieldname = trim($fieldname);
if (!empty($pconfig[$fieldname])) {
if (!empty($pconfig[$fieldname]) || $pconfig[$fieldname] == '0') {
$server[$fieldname] = $pconfig[$fieldname];
}
}
......@@ -461,7 +464,9 @@ $( document ).ready(function() {
if ($("#iform").length) {
$("#mode,#gwredir").change(function(){
$(".opt_mode").hide();
$(".opt_mode :input").prop( "disabled", true );
$(".opt_mode_"+$("#mode").val()).show();
$(".opt_mode_"+$("#mode").val()+" :input").prop( "disabled", false );
if ($("#gwredir").is(":checked")) {
$(".opt_gwredir").hide();
}
......@@ -1527,6 +1532,18 @@ endif; ?>
</div>
</td>
</tr>
<tr class="opt_mode opt_mode_server_tls_user">
<td><a id="help_for_reneg-sec" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Renegotiate time"); ?></td>
<td>
<input type="text" name="reneg-sec" value="<?=$pconfig['reneg-sec'];?>">
<div class="hidden" for="help_for_reneg-sec">
<?=sprintf(
gettext('Renegotiate data channel key after n seconds (default=3600).%s' .
'When using a one time password, be advised that your connection will automatically drop because your password is not valid anymore.%sSet to 0 to disable, remember to change your client as well.'),
'<br/>','<br/>');?>
</div>
</td>
</tr>
<tr>
<td width="22%">&nbsp;</td>
<td width="78%">
......
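Review bot: The validation added in the `@@ -318,6 +318,9 @@` hunk compares with loose `!=`, and PHP compares two numeric strings numerically, so inputs such as `-5`, `+5`, `007` or a value with leading whitespace pass as a "valid number of seconds" and are saved unchanged. A digits-only test states the intent directly: `if (!empty($pconfig['reneg-sec']) && !ctype_digit((string)$pconfig['reneg-sec'])) {`. In the form hunk, `value="<?=$pconfig['reneg-sec'];?>"` prints the field without escaping at the output site; unless `$pconfig` is HTML-escaped before rendering (not visible here), a rejected POST value is reflected into the attribute, and `htmlspecialchars($pconfig['reneg-sec'], ENT_QUOTES)` at that spot would make the line safe on its own. The changed condition `|| $pconfig[$fieldname] == '0'` also reads an index that `!empty()` used to guard, which may raise an undefined-index notice for fields absent from the POST. The enclosing request handler starts and ends outside these hunks.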