summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-12-17 02:37:55 +0100
committerJo-Philipp Wich <jow@openwrt.org>2015-12-17 02:37:55 +0100
commit23df4ffaf7060fd10e6b3f41ada903d52a55ad03 (patch)
tree521eb91074ec96d156441516c342f8282e5569b2
parente19098d0623e96690e65539b36c59965ae1373d5 (diff)
parent72c853629e69e9830a6d42425a331c76bfacf2d6 (diff)
Merge pull request #437 from fkooman/issue-436
introduce tls_version_min and tls_version_max, add key_direction and …
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua7
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua3
2 files changed, 7 insertions, 3 deletions
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index 1508493f3..af515fc59 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -154,7 +154,7 @@ local knownParams = {
} },
{ "Cryptography", {
- { Value, "secret", "/etc/openvpn/secret.key 1", translate("Enable Static Key encryption mode (non-TLS)") },
+ { FileUpload, "secret", "/etc/openvpn/secret.key", translate("Enable Static Key encryption mode (non-TLS)") },
{ Value, "auth", "SHA1", translate("HMAC authentication for packets") }, -- parse
{ Value, "cipher", "BF-CBC", translate("Encryption cipher for packets") }, -- parse
{ Value, "keysize", 1024, translate("Size of cipher key") }, -- parse
@@ -182,13 +182,16 @@ local knownParams = {
{ Value, "tran_window", 3600, translate("Key transition window") },
{ Flag, "single_session", 0, translate("Allow only one session") },
{ Flag, "tls_exit", 0, translate("Exit on TLS negotiation failure") },
- { Value, "tls_auth", "/etc/openvpn/tlsauth.key 1", translate("Additional authentication over TLS") },
+ { Value, "tls_auth", "/etc/openvpn/tlsauth.key", translate("Additional authentication over TLS") },
--{ Value, "askpass", "[file]", translate("Get PEM password from controlling tty before we daemonize") },
{ Flag, "auth_nocache", 0, translate("Don't cache --askpass or --auth-user-pass passwords") },
{ Value, "tls_remote", "remote_x509_name", translate("Only accept connections from given X509 name") },
{ ListValue, "ns_cert_type", { "client", "server" }, translate("Require explicit designation on certificate") },
{ ListValue, "remote_cert_tls", { "client", "server" }, translate("Require explicit key usage on certificate") },
{ Value, "crl_verify", "/etc/easy-rsa/keys/crl.pem", translate("Check peer certificate against a CRL") },
+ { Value, "tls_version_min", "1.0", translate("The lowest supported TLS version") },
+ { Value, "tls_version_max", "1.2", translate("The highest supported TLS version") },
+ { Value, "key_direction", "1", translate("The key direction for 'tls-auth' and 'secret' options") },
} }
}
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
index e75203db6..8385839a8 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
@@ -30,7 +30,8 @@ local basicParams = {
{ Flag,"client_to_client",0, translate("Allow client-to-client traffic") },
{ DynamicList,"remote","vpnserver.example.org", translate("Remote host name or ip address") },
- { FileUpload,"secret","/etc/openvpn/secret.key 1", translate("Enable Static Key encryption mode (non-TLS)") },
+ { FileUpload,"secret","/etc/openvpn/secret.key", translate("Enable Static Key encryption mode (non-TLS)") },
+ { Value,"key_direction","1", translate("The key direction for 'tls-auth' and 'secret' options") },
{ FileUpload,"pkcs12","/etc/easy-rsa/keys/some-client.pk12", translate("PKCS#12 file containing keys") },
{ FileUpload,"ca","/etc/easy-rsa/keys/ca.crt", translate("Certificate authority") },
{ FileUpload,"dh","/etc/easy-rsa/keys/dh1024.pem", translate("Diffie Hellman parameters") },