OpenVPN Hardening Guide suggests limiting the TLS versions available to clients.
https://community.openvpn.net/openvpn/wiki/Hardening

This patch allows the OpenVPN init script to recognise tls-version-min and tls-version-max configuration options in UCI for the generated config file.
Signed-off-by: Liam Dennehy <l...@wiemax.net> --- package/network/services/openvpn/files/openvpn.init | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init index 861d0d62b3..2e0f6e0696 100644 --- a/package/network/services/openvpn/files/openvpn.init +++ b/package/network/services/openvpn/files/openvpn.init @@ -123,6 +123,7 @@ start_instance() { route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \ socks_proxy status status_version syslog tcp_queue_limit tls_auth \ tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ + tls_version_min tls_version_max \ tun_mtu tun_mtu_extra txqueuelen user verb down push up \ ifconfig_ipv6 route_ipv6 server_ipv6 ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6 -- 2.13.0
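Review bot: the added continuation line `tls_version_min tls_version_max \` is placed after `tran_window`, which breaks the largely alphabetical order of the surrounding option list in start_instance(); the two names would sort between `tls_verify` and `tmp_dir`, so consider adding them on the `tls_cipher tls_remote ...` line instead. The diffstat also shows only openvpn.init changing, so nothing tells a UCI user what values these options take; a sentence in the commit message or a commented entry in the package's example config, if it has one, would cover that. Since the stated motivation is hardening, it is worth saying in that documentation that tls_version_min is the option that enforces a floor, while tls_version_max caps the negotiated version and should normally be left unset.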