Server: Add script-security 0 to the OpenVPN config

This prevents scripts from being executed by default. Clients can override this by either using the OpenVPN --script-security flag or add a script-security setting themselves.
author: jwijenbergh <jeroenwijenbergh@protonmail.com> 2023-01-31 12:15:22 +0100
committer: jwijenbergh <jeroenwijenbergh@protonmail.com> 2023-01-31 12:16:33 +0100
commit: 0969bbdda92aef8568e72dbdda338b7cdf920191 (patch)
tree: 69d63084d4b226cb7570c9e21bade7a9ab48c72d /client
parent: f25dcda007547f7dfb75c4aded7fd94ed2236e21 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/client/client_test.go b/client/client_test.go
index b4b944b..4356736 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -391,7 +391,8 @@ func TestPreferTCP(t *testing.T) {
 		t.Fatalf("Config error: %v", configErr)
 	}
 
-	if !strings.HasSuffix(config.Config, "udp") {
+	// We also test for script security 0 here
+	if !strings.HasSuffix(config.Config, "udp\nscript-security 0") {
 		t.Fatalf("Suffix for prefer TCP is not in the right order for config: %s", config)
 	}
 
@@ -401,8 +402,9 @@ func TestPreferTCP(t *testing.T) {
 		t.Fatalf("Config error: %v", configErr)
 	}
 
+	// We also test for script security 0 here
 	if config.Type == "openvpn" &&
-		!strings.HasSuffix(config.Config, "tcp") {
+		!strings.HasSuffix(config.Config, "tcp\nscript-security 0") {
 		t.Fatalf("Suffix for disable prefer TCP is not in the right order for config: %s", config.Config)
 	}
 }
author	jwijenbergh <jeroenwijenbergh@protonmail.com>	2023-01-31 12:15:22 +0100
committer	jwijenbergh <jeroenwijenbergh@protonmail.com>	2023-01-31 12:16:33 +0100
commit	0969bbdda92aef8568e72dbdda338b7cdf920191 (patch)
tree	69d63084d4b226cb7570c9e21bade7a9ab48c72d /client
parent	f25dcda007547f7dfb75c4aded7fd94ed2236e21 (diff)