Enable setting --script-security in client mode. 447/head
authorSrdjan Rosic <srdjan.rosic@gmail.com>
Sat, 22 Aug 2015 08:27:25 +0000 (09:27 +0100)
committerSrdjan Rosic <srdjan.rosic@gmail.com>
Sat, 22 Aug 2015 08:27:25 +0000 (09:27 +0100)
  This is useful in client mode as well, since it allows one to use --route-noexec and --up <cmd> or --route-up <cmd> to create routes manually instead of relying on whatever routes vpn server pushes down to the client.
  mode=server dependency in luci was introduced together with script_security by mmunz back in 2011.with no explanation in the commit why mode=server was there.

applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua

index 7e39dad2eba06922dd462c04f7176be7443fabd0..fa1530026a60fa7e908a019285e7ac02c78d3025 100644 (file)
@@ -48,7 +48,7 @@ local knownParams = {
                { Flag,                 "client_disconnect",                    0,                                                                                                                              translate("Run script cmd on client disconnection") },
                { Value,                "learn_address",                                "/usr/bin/ovpn-learnaddress",                                                                   translate("Executed in server mode whenever an IPv4 address/route or MAC address is added to OpenVPN's internal routing table") },
                { Value,                "auth_user_pass_verify",                "/usr/bin/ovpn-userpass via-env",                                                               translate("Executed in server mode on new client connections, when the client is still untrusted") },
-               { ListValue,    "script_security",                              { 0, 1, 2, 3 },                                                                                                 translate("Policy level over usage of external programs and scripts"),  {mode="server" } },
+               { ListValue,    "script_security",                              { 0, 1, 2, 3 },                                                                                                 translate("Policy level over usage of external programs and scripts") },
        } },
 
        { "Networking", {