fix security issues, other minor changes #2
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hmm taking a closer glance at this .. i'm not sure your port 9700 in the config is respected, have you seen that spin up the pritunl server up on that port? I only see it on 80 and 443. Don't merge this yet lets resolve that and readme changes first. |
|
Yeah ok .. so the port value isn't respected in the root@b02bc15025a8:/# cat /etc/pritunl.conf
{
"mongodb_uri": "mongodb://localhost:27017/pritunl",
"server_key_path": "/var/lib/pritunl/pritunl.key",
"log_path": "/var/log/pritunl.log",
"static_cache": true,
"server_cert_path": "/var/lib/pritunl/pritunl.crt",
"temp_path": "/tmp/pritunl_%r",
"bind_addr": "0.0.0.0",
"debug": true,
"www_path": "/usr/share/pritunl/www",
"local_address_interface": "auto",
"port": 9700
}
root@b02bc15025a8:/# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.11:44566 *:* LISTEN
tcp 0 0 localhost:9756 *:* LISTEN
tcp 0 0 localhost:27017 *:* LISTEN
tcp6 0 0 [::]:80 [::]:* LISTEN
tcp6 0 0 [::]:443 [::]:* LISTEN
udp 0 0 127.0.0.11:52245 *:*My thought is to just do away with the port option and just use 80/443. Thoughts? |
|
I think it looks good! 9700 is just what old versions used :) |
|
Thanks for the PR ! nice improvements and nice to know it's more secure now :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1 .. also pulls from openvpn repo which has the updates for big security issues here:
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
Follows approach documented here:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
Updates ports to be more accurate based on what pritunl comes with out of the box now.