Message ID | 20200328083224.2925-1-ummeegge@ipfire.org |
---|---|
State | Accepted |
Commit | fa4dbe2745d2f7b025c524003adeb9be6f039c78 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48qBmq402yz3yBn for <patchwork@web04.haj.ipfire.org>; Sat, 28 Mar 2020 08:32:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48qBmp0KgBz1Q3; Sat, 28 Mar 2020 08:32:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48qBmn4MSnz2yVm; Sat, 28 Mar 2020 08:32:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48qBml4715z2xjt for <development@lists.ipfire.org>; Sat, 28 Mar 2020 08:32:39 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48qBmk6jnLz1Q3; Sat, 28 Mar 2020 08:32:38 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1585384359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=qg6mmMwXb2LEZ4AQ0tHqHD2zLX6DIUQrO0ipdLWFo7M=; b=aSRMsQIFO+/HII66wVmHRo3wSO1FkYbsZ0QlbSWhFGXGADj5z8KzztywCzUO3Gwd3Hfr79 raMvDOuPcdnbSpBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1585384359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=qg6mmMwXb2LEZ4AQ0tHqHD2zLX6DIUQrO0ipdLWFo7M=; b=wmuU/7xis9kDROIiNnDBRZzmpNc3CMAyIxbg70WNa7buNrAvmX9N109uXe/AUq6CL1YxOB I8dERxFiC4bYhztko/8yY4eibQZ0xr/gK42WOZheUWJcdEiHXgp9EmY26k8dWPnaqJg/3y bfp0dFm3j5g8HHFPS+FkbRoJp/YRpo0eXmxinawwanC0XxTJlen3DyfQy7Cuo3BA34de22 utA7OgdfWyCW/kqF12F8niF6ak5Olf0RVuwMYU6eiT0RfzsNxuW5lk+9ippv3DZT5ne4S6 aRHFCBN/wNFCIHHNY8+nF996tQINZEtdC1R/GC37a1CQfBNdyQoRNRX67ncFZQ== From: Erik Kapfer <ummeegge@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] OpenVPN: Delete RRD dir if connection is deleted Date: Sat, 28 Mar 2020 09:32:24 +0100 Message-Id: <20200328083224.2925-1-ummeegge@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=ummeegge@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
OpenVPN: Delete RRD dir if connection is deleted
|
|
Commit Message
ummeegge
March 28, 2020, 8:32 a.m. UTC
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> In my opinion, this fixes #11713. > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > --- > html/cgi-bin/ovpnmain.cgi | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index ce9524df7..00ecd77a0 100644 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -2513,7 +2513,7 @@ else > # CCD end > # Update collectd configuration and delete all RRD files of the removed connection > &writecollectdconf(); > - system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); > + system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]); > > delete $confighash{$cgiparams{'KEY'}}; > my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; >
Hi Peter, Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: > Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > > In my opinion, this fixes #11713. Haven´t seen that one, yes i think so. Have found another one in here --> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 which can not be solved in this way. Need to have another look into this. Will send a separate patch then for "delete all RRDs if X509 is deleted". Need a little more time. Best, Erik > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > --- > > html/cgi-bin/ovpnmain.cgi | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > > index ce9524df7..00ecd77a0 100644 > > --- a/html/cgi-bin/ovpnmain.cgi > > +++ b/html/cgi-bin/ovpnmain.cgi > > @@ -2513,7 +2513,7 @@ else > > # CCD end > > # Update collectd configuration and delete all RRD > > files of the removed connection > > &writecollectdconf(); > > - system ("/usr/local/bin/openvpnctrl -drrd > > $confighash{$cgiparams{'KEY'}}[1]"); > > + system ('/usr/local/bin/openvpnctrl', '-drrd', > > $confighash{$cgiparams{'KEY'}}[1]); > > > > delete $confighash{$cgiparams{'KEY'}}; > > my $temp2 = `/usr/bin/openssl ca -gencrl -out > > ${General::swroot}/ovpn/crls/cacrl.pem -config > > ${General::swroot}/ovpn/openssl/ovpn.cnf`; > >
Hi all, this patch does only works if the common name is the same then the connection name. Have encountered that the rrd creation for OpenVPN uses the common name of the certificate not the connection name --> # root @ ipfire-server in /var/log/rrd/collectd/localhost [8:34:50] $ ls cpu-0 disk-loop0 iptables-filter-PSCAN processes-charon processes-spamd cpu-1 disk-sda load processes-java processes-squid cpu-2 entropy memory processes-mpd processes-squidguard cpu-3 interface openvpn-rwonecert processes-nmbd processes-sshd cpufreq iptables-filter-NEWNOTSYN openvpn-rwtwocert processes-openvpn sensors-coretemp-isa-0000 disk-dm-0 iptables-filter-POLICYFWD ping processes-qemu sensors-f71869-isa-0290 disk-dm-1 iptables-filter-POLICYIN processes processes-rtorrent swap disk-dm-2 iptables-filter-POLICYOUT processes-asterisk processes-smbd $ cat /var/ipfire/ovpn/ovpnconfig 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynamic 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynamic,,,,,,,,,,, strangely enough if i set the element index to [2] it doesn´t work. Currently not sure why that´s happen. It is better to revert this patch. Best, Erik Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: > Hi Peter, > > Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: > > Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > > > > In my opinion, this fixes #11713. > > Haven´t seen that one, yes i think so. > Have found another one in here --> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 > which can not be solved in this way. Need to have another look into > this. > Will send a separate patch then for "delete all RRDs if X509 is > deleted". > > Need a little more time. > > Best, > > Erik > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > --- > > > html/cgi-bin/ovpnmain.cgi | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > bin/ovpnmain.cgi > > > index ce9524df7..00ecd77a0 100644 > > > --- a/html/cgi-bin/ovpnmain.cgi > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > @@ -2513,7 +2513,7 @@ else > > > # CCD end > > > # Update collectd configuration and delete all RRD > > > files of the removed connection > > > &writecollectdconf(); > > > - system ("/usr/local/bin/openvpnctrl -drrd > > > $confighash{$cgiparams{'KEY'}}[1]"); > > > + system ('/usr/local/bin/openvpnctrl', '-drrd', > > > $confighash{$cgiparams{'KEY'}}[1]); > > > > > > delete $confighash{$cgiparams{'KEY'}}; > > > my $temp2 = `/usr/bin/openssl ca -gencrl -out > > > ${General::swroot}/ovpn/crls/cacrl.pem -config > > > ${General::swroot}/ovpn/openssl/ovpn.cnf`; > > > > >
Hi, This is a good find. Did you have a connection that had a space in the common name? Potentially it is that. Changing the code to use the common name should be trivial. Maybe just try printing the path it is trying to delete. Are the files maybe not accessible by “nobody”? -Michael > On 11 Apr 2020, at 09:06, ummeegge <ummeegge@ipfire.org> wrote: > > Hi all, > this patch does only works if the common name is the same then the > connection name. Have encountered that the rrd creation for OpenVPN > uses the common name of the certificate not the connection name --> > > # root @ ipfire-server in /var/log/rrd/collectd/localhost [8:34:50] > $ ls > cpu-0 disk-loop0 iptables-filter-PSCAN processes-charon processes-spamd > cpu-1 disk-sda load processes-java processes-squid > cpu-2 entropy memory processes-mpd processes-squidguard > cpu-3 interface openvpn-rwonecert processes-nmbd processes-sshd > cpufreq iptables-filter-NEWNOTSYN openvpn-rwtwocert processes-openvpn sensors-coretemp-isa-0000 > disk-dm-0 iptables-filter-POLICYFWD ping processes-qemu sensors-f71869-isa-0290 > disk-dm-1 iptables-filter-POLICYIN processes processes-rtorrent swap > disk-dm-2 iptables-filter-POLICYOUT processes-asterisk processes-smbd > > $ cat /var/ipfire/ovpn/ovpnconfig > 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynamic > 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynamic,,,,,,,,,,, > > strangely enough if i set the element index to [2] it doesn´t work. Currently not sure why that´s happen. > > It is better to revert this patch. > > Best, > > Erik > > Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: >> Hi Peter, >> >> Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: >>> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> >>> >>> In my opinion, this fixes #11713. >> >> Haven´t seen that one, yes i think so. >> Have found another one in here --> >> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 >> which can not be solved in this way. Need to have another look into >> this. >> Will send a separate patch then for "delete all RRDs if X509 is >> deleted". >> >> Need a little more time. >> >> Best, >> >> Erik >> >>> >>>> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >>>> --- >>>> html/cgi-bin/ovpnmain.cgi | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- >>>> bin/ovpnmain.cgi >>>> index ce9524df7..00ecd77a0 100644 >>>> --- a/html/cgi-bin/ovpnmain.cgi >>>> +++ b/html/cgi-bin/ovpnmain.cgi >>>> @@ -2513,7 +2513,7 @@ else >>>> # CCD end >>>> # Update collectd configuration and delete all RRD >>>> files of the removed connection >>>> &writecollectdconf(); >>>> - system ("/usr/local/bin/openvpnctrl -drrd >>>> $confighash{$cgiparams{'KEY'}}[1]"); >>>> + system ('/usr/local/bin/openvpnctrl', '-drrd', >>>> $confighash{$cgiparams{'KEY'}}[1]); >>>> >>>> delete $confighash{$cgiparams{'KEY'}}; >>>> my $temp2 = `/usr/bin/openssl ca -gencrl -out >>>> ${General::swroot}/ovpn/crls/cacrl.pem -config >>>> ${General::swroot}/ovpn/openssl/ovpn.cnf`; >>>> >> >> >
Hi Michael, Am Samstag, den 11.04.2020, 11:46 +0100 schrieb Michael Tremer: > Hi, > > This is a good find. > > Did you have a connection that had a space in the common name? > Potentially it is that. No, the connections doesn´t have spaces. > > Changing the code to use the common name should be trivial. Maybe > just try printing the path it is trying to delete. Are the files > maybe not accessible by “nobody”? They are pretty much all root:root . If i change the permissions to nobody:nobdy i can delete all of them (by deleting X509) via a @@ -1288,6 +1277,9 @@ while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { system ("rm -rf $file"); } + while ($file = glob("/var/log/rrd/collectd/localhost/openvpn-*")) { + system ("rm -rf $file"); + } which would spare this code --> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=e1297cbb7659618c526fdc1ab07e97f57f55fd78 . Haven´t checked that yet for the deletion of only one connection... Might it be possible that openvpnctrl handles there something incorrect ? Best, Erik > > -Michael > > > On 11 Apr 2020, at 09:06, ummeegge <ummeegge@ipfire.org> wrote: > > > > Hi all, > > this patch does only works if the common name is the same then the > > connection name. Have encountered that the rrd creation for OpenVPN > > uses the common name of the certificate not the connection name --> > > > > # root @ ipfire-server in /var/log/rrd/collectd/localhost > > [8:34:50] > > $ ls > > cpu-0 disk-loop0 iptables-filter- > > PSCAN processes-charon processes-spamd > > cpu-1 disk- > > sda load processes- > > java processes-squid > > cpu- > > 2 entropy memory processes- > > mpd processes-squidguard > > cpu-3 interface openvpn- > > rwonecert processes-nmbd processes-sshd > > cpufreq iptables-filter-NEWNOTSYN openvpn- > > rwtwocert processes-openvpn sensors-coretemp-isa-0000 > > disk-dm-0 iptables-filter- > > POLICYFWD ping processes-qemu sensors- > > f71869-isa-0290 > > disk-dm-1 iptables-filter- > > POLICYIN processes processes-rtorrent swap > > disk-dm-2 iptables-filter-POLICYOUT processes- > > asterisk processes-smbd > > > > $ cat /var/ipfire/ovpn/ovpnconfig > > 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynam > > ic > > 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynam > > ic,,,,,,,,,,, > > > > strangely enough if i set the element index to [2] it doesn´t work. > > Currently not sure why that´s happen. > > > > It is better to revert this patch. > > > > Best, > > > > Erik > > > > Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: > > > Hi Peter, > > > > > > Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: > > > > Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > > > > > > > > In my opinion, this fixes #11713. > > > > > > Haven´t seen that one, yes i think so. > > > Have found another one in here --> > > > > > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 > > > which can not be solved in this way. Need to have another look > > > into > > > this. > > > Will send a separate patch then for "delete all RRDs if X509 is > > > deleted". > > > > > > Need a little more time. > > > > > > Best, > > > > > > Erik > > > > > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > > > --- > > > > > html/cgi-bin/ovpnmain.cgi | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > > > bin/ovpnmain.cgi > > > > > index ce9524df7..00ecd77a0 100644 > > > > > --- a/html/cgi-bin/ovpnmain.cgi > > > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > > > @@ -2513,7 +2513,7 @@ else > > > > > # CCD end > > > > > # Update collectd configuration and delete all > > > > > RRD > > > > > files of the removed connection > > > > > &writecollectdconf(); > > > > > - system ("/usr/local/bin/openvpnctrl -drrd > > > > > $confighash{$cgiparams{'KEY'}}[1]"); > > > > > + system ('/usr/local/bin/openvpnctrl', '-drrd', > > > > > $confighash{$cgiparams{'KEY'}}[1]); > > > > > > > > > > delete $confighash{$cgiparams{'KEY'}}; > > > > > my $temp2 = `/usr/bin/openssl ca -gencrl -out > > > > > ${General::swroot}/ovpn/crls/cacrl.pem -config > > > > > ${General::swroot}/ovpn/openssl/ovpn.cnf`; > > > > > > > > > > > > >
Hi, > On 11 Apr 2020, at 12:59, ummeegge <ummeegge@ipfire.org> wrote: > > Hi Michael, > > Am Samstag, den 11.04.2020, 11:46 +0100 schrieb Michael Tremer: >> Hi, >> >> This is a good find. >> >> Did you have a connection that had a space in the common name? >> Potentially it is that. > No, the connections doesn´t have spaces. > >> >> Changing the code to use the common name should be trivial. Maybe >> just try printing the path it is trying to delete. Are the files >> maybe not accessible by “nobody”? > They are pretty much all root:root . If i change the permissions to > nobody:nobdy i can delete all of them (by deleting X509) via a > > @@ -1288,6 +1277,9 @@ > while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { > system ("rm -rf $file"); > } > + while ($file = glob("/var/log/rrd/collectd/localhost/openvpn-*")) { > + system ("rm -rf $file"); > + } > > which would spare this code --> > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=e1297cbb7659618c526fdc1ab07e97f57f55fd78 > . Haven´t checked that yet for the deletion of only one connection... If they belong to root, the web UI won’t have permissions to delete them. That is something we will have to handle in openvpnctrl then. > Might it be possible that openvpnctrl handles there something incorrect ? Is there any code to handle it? And if so, why is the CGI calling “rm”? -Michael > > Best, > > > Erik > >> >> -Michael >> >>> On 11 Apr 2020, at 09:06, ummeegge <ummeegge@ipfire.org> wrote: >>> >>> Hi all, >>> this patch does only works if the common name is the same then the >>> connection name. Have encountered that the rrd creation for OpenVPN >>> uses the common name of the certificate not the connection name --> >>> >>> # root @ ipfire-server in /var/log/rrd/collectd/localhost >>> [8:34:50] >>> $ ls >>> cpu-0 disk-loop0 iptables-filter- >>> PSCAN processes-charon processes-spamd >>> cpu-1 disk- >>> sda load processes- >>> java processes-squid >>> cpu- >>> 2 entropy memory processes- >>> mpd processes-squidguard >>> cpu-3 interface openvpn- >>> rwonecert processes-nmbd processes-sshd >>> cpufreq iptables-filter-NEWNOTSYN openvpn- >>> rwtwocert processes-openvpn sensors-coretemp-isa-0000 >>> disk-dm-0 iptables-filter- >>> POLICYFWD ping processes-qemu sensors- >>> f71869-isa-0290 >>> disk-dm-1 iptables-filter- >>> POLICYIN processes processes-rtorrent swap >>> disk-dm-2 iptables-filter-POLICYOUT processes- >>> asterisk processes-smbd >>> >>> $ cat /var/ipfire/ovpn/ovpnconfig >>> 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynam >>> ic >>> 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynam >>> ic,,,,,,,,,,, >>> >>> strangely enough if i set the element index to [2] it doesn´t work. >>> Currently not sure why that´s happen. >>> >>> It is better to revert this patch. >>> >>> Best, >>> >>> Erik >>> >>> Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: >>>> Hi Peter, >>>> >>>> Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: >>>>> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> >>>>> >>>>> In my opinion, this fixes #11713. >>>> >>>> Haven´t seen that one, yes i think so. >>>> Have found another one in here --> >>>> >>> >>> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 >>>> which can not be solved in this way. Need to have another look >>>> into >>>> this. >>>> Will send a separate patch then for "delete all RRDs if X509 is >>>> deleted". >>>> >>>> Need a little more time. >>>> >>>> Best, >>>> >>>> Erik >>>> >>>>> >>>>>> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >>>>>> --- >>>>>> html/cgi-bin/ovpnmain.cgi | 2 +- >>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>>> >>>>>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- >>>>>> bin/ovpnmain.cgi >>>>>> index ce9524df7..00ecd77a0 100644 >>>>>> --- a/html/cgi-bin/ovpnmain.cgi >>>>>> +++ b/html/cgi-bin/ovpnmain.cgi >>>>>> @@ -2513,7 +2513,7 @@ else >>>>>> # CCD end >>>>>> # Update collectd configuration and delete all >>>>>> RRD >>>>>> files of the removed connection >>>>>> &writecollectdconf(); >>>>>> - system ("/usr/local/bin/openvpnctrl -drrd >>>>>> $confighash{$cgiparams{'KEY'}}[1]"); >>>>>> + system ('/usr/local/bin/openvpnctrl', '-drrd', >>>>>> $confighash{$cgiparams{'KEY'}}[1]); >>>>>> >>>>>> delete $confighash{$cgiparams{'KEY'}}; >>>>>> my $temp2 = `/usr/bin/openssl ca -gencrl -out >>>>>> ${General::swroot}/ovpn/crls/cacrl.pem -config >>>>>> ${General::swroot}/ovpn/openssl/ovpn.cnf`; >>>>>> >>>> >>>> >> >> >
Hi Michael, Am Samstag, den 11.04.2020, 13:24 +0100 schrieb Michael Tremer: > Hi, > > > On 11 Apr 2020, at 12:59, ummeegge <ummeegge@ipfire.org> wrote: > > > > Hi Michael, > > > > Am Samstag, den 11.04.2020, 11:46 +0100 schrieb Michael Tremer: > > > Hi, > > > > > > This is a good find. > > > > > > Did you have a connection that had a space in the common name? > > > Potentially it is that. > > > > No, the connections doesn´t have spaces. > > > > > > > > Changing the code to use the common name should be trivial. Maybe > > > just try printing the path it is trying to delete. Are the files > > > maybe not accessible by “nobody”? > > > > They are pretty much all root:root . If i change the permissions to > > nobody:nobdy i can delete all of them (by deleting X509) via a > > > > @@ -1288,6 +1277,9 @@ > > while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { > > system ("rm -rf $file"); > > } > > + while ($file = glob("/var/log/rrd/collectd/localhost/openvpn- > > *")) { > > + system ("rm -rf $file"); > > + } > > > > which would spare this code --> > > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=e1297cbb7659618c526fdc1ab07e97f57f55fd78 > > . Haven´t checked that yet for the deletion of only one > > connection... > > If they belong to root, the web UI won’t have permissions to delete > them. Have changed the permissions via chown -R and tried to delete then via single connection but also via X509 deletion (deleting all) with no luck. Nevertheless, the RRD creation should chown then openvpn-* directories too which it currently do not. > > That is something we will have to handle in openvpnctrl then. Yes. > > > Might it be possible that openvpnctrl handles there something > > incorrect ? > > Is there any code to handle it? And if so, why is the CGI calling > “rm”? It is held in the already existing coding style --> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=refs/heads/core142#l1231 which should prevent the rmdir/unlink part for every connection i think. Best, Erik > > > -Michael > > > > > Best, > > > > > > Erik > > > > > > > > -Michael > > > > > > > On 11 Apr 2020, at 09:06, ummeegge <ummeegge@ipfire.org> wrote: > > > > > > > > Hi all, > > > > this patch does only works if the common name is the same then > > > > the > > > > connection name. Have encountered that the rrd creation for > > > > OpenVPN > > > > uses the common name of the certificate not the connection name > > > > --> > > > > > > > > # root @ ipfire-server in /var/log/rrd/collectd/localhost > > > > [8:34:50] > > > > $ ls > > > > cpu-0 disk-loop0 iptables-filter- > > > > PSCAN processes-charon processes-spamd > > > > cpu-1 disk- > > > > sda load processes- > > > > java processes-squid > > > > cpu- > > > > 2 entropy memory proces > > > > ses- > > > > mpd processes-squidguard > > > > cpu-3 interface openvpn- > > > > rwonecert processes-nmbd processes-sshd > > > > cpufreq iptables-filter-NEWNOTSYN openvpn- > > > > rwtwocert processes-openvpn sensors-coretemp-isa-0000 > > > > disk-dm-0 iptables-filter- > > > > POLICYFWD ping processes-qemu sensors- > > > > f71869-isa-0290 > > > > disk-dm-1 iptables-filter- > > > > POLICYIN processes processes-rtorrent swap > > > > disk-dm-2 iptables-filter-POLICYOUT processes- > > > > asterisk processes-smbd > > > > > > > > $ cat /var/ipfire/ovpn/ovpnconfig > > > > 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,d > > > > ynam > > > > ic > > > > 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,d > > > > ynam > > > > ic,,,,,,,,,,, > > > > > > > > strangely enough if i set the element index to [2] it doesn´t > > > > work. > > > > Currently not sure why that´s happen. > > > > > > > > It is better to revert this patch. > > > > > > > > Best, > > > > > > > > Erik > > > > > > > > Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: > > > > > Hi Peter, > > > > > > > > > > Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: > > > > > > Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > > > > > > > > > > > > In my opinion, this fixes #11713. > > > > > > > > > > Haven´t seen that one, yes i think so. > > > > > Have found another one in here --> > > > > > > > > > > > > > > > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 > > > > > which can not be solved in this way. Need to have another > > > > > look > > > > > into > > > > > this. > > > > > Will send a separate patch then for "delete all RRDs if X509 > > > > > is > > > > > deleted". > > > > > > > > > > Need a little more time. > > > > > > > > > > Best, > > > > > > > > > > Erik > > > > > > > > > > > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > > > > > --- > > > > > > > html/cgi-bin/ovpnmain.cgi | 2 +- > > > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > > > > > bin/ovpnmain.cgi > > > > > > > index ce9524df7..00ecd77a0 100644 > > > > > > > --- a/html/cgi-bin/ovpnmain.cgi > > > > > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > > > > > @@ -2513,7 +2513,7 @@ else > > > > > > > # CCD end > > > > > > > # Update collectd configuration and delete all > > > > > > > RRD > > > > > > > files of the removed connection > > > > > > > &writecollectdconf(); > > > > > > > - system ("/usr/local/bin/openvpnctrl -drrd > > > > > > > $confighash{$cgiparams{'KEY'}}[1]"); > > > > > > > + system ('/usr/local/bin/openvpnctrl', '-drrd', > > > > > > > $confighash{$cgiparams{'KEY'}}[1]); > > > > > > > > > > > > > > delete $confighash{$cgiparams{'KEY'}}; > > > > > > > my $temp2 = `/usr/bin/openssl ca -gencrl -out > > > > > > > ${General::swroot}/ovpn/crls/cacrl.pem -config > > > > > > > ${General::swroot}/ovpn/openssl/ovpn.cnf`; > > > > > > > > > > > > > > > > > > > > > > > > >
Hi, So where are we on this issue? Is the patch ready to be accepted? How do we delete the files that should already have been deleted? -Michael > On 11 Apr 2020, at 13:52, ummeegge <ummeegge@ipfire.org> wrote: > > Hi Michael, > > Am Samstag, den 11.04.2020, 13:24 +0100 schrieb Michael Tremer: >> Hi, >> >>> On 11 Apr 2020, at 12:59, ummeegge <ummeegge@ipfire.org> wrote: >>> >>> Hi Michael, >>> >>> Am Samstag, den 11.04.2020, 11:46 +0100 schrieb Michael Tremer: >>>> Hi, >>>> >>>> This is a good find. >>>> >>>> Did you have a connection that had a space in the common name? >>>> Potentially it is that. >>> >>> No, the connections doesn´t have spaces. >>> >>>> >>>> Changing the code to use the common name should be trivial. Maybe >>>> just try printing the path it is trying to delete. Are the files >>>> maybe not accessible by “nobody”? >>> >>> They are pretty much all root:root . If i change the permissions to >>> nobody:nobdy i can delete all of them (by deleting X509) via a >>> >>> @@ -1288,6 +1277,9 @@ >>> while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { >>> system ("rm -rf $file"); >>> } >>> + while ($file = glob("/var/log/rrd/collectd/localhost/openvpn- >>> *")) { >>> + system ("rm -rf $file"); >>> + } >>> >>> which would spare this code --> >>> > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=e1297cbb7659618c526fdc1ab07e97f57f55fd78 >>> . Haven´t checked that yet for the deletion of only one >>> connection... >> >> If they belong to root, the web UI won’t have permissions to delete >> them. > Have changed the permissions via chown -R and tried to delete then via > single connection but also via X509 deletion (deleting all) with no > luck. > Nevertheless, the RRD creation should chown then openvpn-* directories > too which it currently do not. > >> >> That is something we will have to handle in openvpnctrl then. > Yes. > >> >>> Might it be possible that openvpnctrl handles there something >>> incorrect ? >> >> Is there any code to handle it? And if so, why is the CGI calling >> “rm”? > It is held in the already existing coding style --> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=refs/heads/core142#l1231 > which should prevent the rmdir/unlink part for every connection i think. > > > Best, > > > Erik > > >> >> >> -Michael >> >>> >>> Best, >>> >>> >>> Erik >>> >>>> >>>> -Michael >>>> >>>>> On 11 Apr 2020, at 09:06, ummeegge <ummeegge@ipfire.org> wrote: >>>>> >>>>> Hi all, >>>>> this patch does only works if the common name is the same then >>>>> the >>>>> connection name. Have encountered that the rrd creation for >>>>> OpenVPN >>>>> uses the common name of the certificate not the connection name >>>>> --> >>>>> >>>>> # root @ ipfire-server in /var/log/rrd/collectd/localhost >>>>> [8:34:50] >>>>> $ ls >>>>> cpu-0 disk-loop0 iptables-filter- >>>>> PSCAN processes-charon processes-spamd >>>>> cpu-1 disk- >>>>> sda load processes- >>>>> java processes-squid >>>>> cpu- >>>>> 2 entropy memory proces >>>>> ses- >>>>> mpd processes-squidguard >>>>> cpu-3 interface openvpn- >>>>> rwonecert processes-nmbd processes-sshd >>>>> cpufreq iptables-filter-NEWNOTSYN openvpn- >>>>> rwtwocert processes-openvpn sensors-coretemp-isa-0000 >>>>> disk-dm-0 iptables-filter- >>>>> POLICYFWD ping processes-qemu sensors- >>>>> f71869-isa-0290 >>>>> disk-dm-1 iptables-filter- >>>>> POLICYIN processes processes-rtorrent swap >>>>> disk-dm-2 iptables-filter-POLICYOUT processes- >>>>> asterisk processes-smbd >>>>> >>>>> $ cat /var/ipfire/ovpn/ovpnconfig >>>>> 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,d >>>>> ynam >>>>> ic >>>>> 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,d >>>>> ynam >>>>> ic,,,,,,,,,,, >>>>> >>>>> strangely enough if i set the element index to [2] it doesn´t >>>>> work. >>>>> Currently not sure why that´s happen. >>>>> >>>>> It is better to revert this patch. >>>>> >>>>> Best, >>>>> >>>>> Erik >>>>> >>>>> Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: >>>>>> Hi Peter, >>>>>> >>>>>> Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter Müller: >>>>>>> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> >>>>>>> >>>>>>> In my opinion, this fixes #11713. >>>>>> >>>>>> Haven´t seen that one, yes i think so. >>>>>> Have found another one in here --> >>>>>> >>>>> >>>>> >>> >>> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 >>>>>> which can not be solved in this way. Need to have another >>>>>> look >>>>>> into >>>>>> this. >>>>>> Will send a separate patch then for "delete all RRDs if X509 >>>>>> is >>>>>> deleted". >>>>>> >>>>>> Need a little more time. >>>>>> >>>>>> Best, >>>>>> >>>>>> Erik >>>>>> >>>>>>> >>>>>>>> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >>>>>>>> --- >>>>>>>> html/cgi-bin/ovpnmain.cgi | 2 +- >>>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>>>>> >>>>>>>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- >>>>>>>> bin/ovpnmain.cgi >>>>>>>> index ce9524df7..00ecd77a0 100644 >>>>>>>> --- a/html/cgi-bin/ovpnmain.cgi >>>>>>>> +++ b/html/cgi-bin/ovpnmain.cgi >>>>>>>> @@ -2513,7 +2513,7 @@ else >>>>>>>> # CCD end >>>>>>>> # Update collectd configuration and delete all >>>>>>>> RRD >>>>>>>> files of the removed connection >>>>>>>> &writecollectdconf(); >>>>>>>> - system ("/usr/local/bin/openvpnctrl -drrd >>>>>>>> $confighash{$cgiparams{'KEY'}}[1]"); >>>>>>>> + system ('/usr/local/bin/openvpnctrl', '-drrd', >>>>>>>> $confighash{$cgiparams{'KEY'}}[1]); >>>>>>>> >>>>>>>> delete $confighash{$cgiparams{'KEY'}}; >>>>>>>> my $temp2 = `/usr/bin/openssl ca -gencrl -out >>>>>>>> ${General::swroot}/ovpn/crls/cacrl.pem -config >>>>>>>> ${General::swroot}/ovpn/openssl/ovpn.cnf`;
Hi Michael, have seen this a little late sorry. Am Donnerstag, den 23.04.2020, 21:03 +0100 schrieb Michael Tremer: > Hi, > > So where are we on this issue? Currently no step further. We have the following problems. 1) The OpenVPN RRD directories do have permissions for root:root so it might be problematic to delete them via ovpnmain.cgi. 2) The permissions seems to be set via openvpn.so from collectd ? If so, we would need to patch this again. 3) What i could figured out was that the system command in ovpnmain.cgi which deletes the the OpenVPN RRDs should search for [3] not for [2] in ovpnconfig. 3) openvpnctrl should be able to delete them since it operates with root permissions ? 4) There seems to be a problem with the rrd section in openvpnctrl. Am not in the c++ part of openvpnctrl so it might be great if you can take a look into it. > > Is the patch ready to be accepted? It do not works currently. > > How do we delete the files that should already have been deleted? The command from bugzilla which i posted can may be extended/optimized ? > > -Michael > Best, Erik > > On 11 Apr 2020, at 13:52, ummeegge <ummeegge@ipfire.org> wrote: > > > > Hi Michael, > > > > Am Samstag, den 11.04.2020, 13:24 +0100 schrieb Michael Tremer: > > > Hi, > > > > > > > On 11 Apr 2020, at 12:59, ummeegge <ummeegge@ipfire.org> wrote: > > > > > > > > Hi Michael, > > > > > > > > Am Samstag, den 11.04.2020, 11:46 +0100 schrieb Michael Tremer: > > > > > Hi, > > > > > > > > > > This is a good find. > > > > > > > > > > Did you have a connection that had a space in the common > > > > > name? > > > > > Potentially it is that. > > > > > > > > No, the connections doesn´t have spaces. > > > > > > > > > > > > > > Changing the code to use the common name should be trivial. > > > > > Maybe > > > > > just try printing the path it is trying to delete. Are the > > > > > files > > > > > maybe not accessible by “nobody”? > > > > > > > > They are pretty much all root:root . If i change the > > > > permissions to > > > > nobody:nobdy i can delete all of them (by deleting X509) via a > > > > > > > > @@ -1288,6 +1277,9 @@ > > > > while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { > > > > system ("rm -rf $file"); > > > > } > > > > + while ($file = > > > > glob("/var/log/rrd/collectd/localhost/openvpn- > > > > *")) { > > > > + system ("rm -rf $file"); > > > > + } > > > > > > > > which would spare this code --> > > > > > > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=e1297cbb7659618c526fdc1ab07e97f57f55fd78 > > > > . Haven´t checked that yet for the deletion of only one > > > > connection... > > > > > > If they belong to root, the web UI won’t have permissions to > > > delete > > > them. > > > > Have changed the permissions via chown -R and tried to delete then > > via > > single connection but also via X509 deletion (deleting all) with no > > luck. > > Nevertheless, the RRD creation should chown then openvpn-* > > directories > > too which it currently do not. > > > > > > > > That is something we will have to handle in openvpnctrl then. > > > > Yes. > > > > > > > > > Might it be possible that openvpnctrl handles there something > > > > incorrect ? > > > > > > Is there any code to handle it? And if so, why is the CGI calling > > > “rm”? > > > > It is held in the already existing coding style --> > > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=refs/heads/core142#l1231 > > which should prevent the rmdir/unlink part for every connection i > > think. > > > > > > Best, > > > > > > Erik > > > > > > > > > > > > > -Michael > > > > > > > > > > > Best, > > > > > > > > > > > > Erik > > > > > > > > > > > > > > -Michael > > > > > > > > > > > On 11 Apr 2020, at 09:06, ummeegge <ummeegge@ipfire.org> > > > > > > wrote: > > > > > > > > > > > > Hi all, > > > > > > this patch does only works if the common name is the same > > > > > > then > > > > > > the > > > > > > connection name. Have encountered that the rrd creation for > > > > > > OpenVPN > > > > > > uses the common name of the certificate not the connection > > > > > > name > > > > > > --> > > > > > > > > > > > > # root @ ipfire-server in /var/log/rrd/collectd/localhost > > > > > > [8:34:50] > > > > > > $ ls > > > > > > cpu-0 disk-loop0 iptables-filter- > > > > > > PSCAN processes-charon processes-spamd > > > > > > cpu-1 disk- > > > > > > sda load processes- > > > > > > java processes-squid > > > > > > cpu- > > > > > > 2 entropy memory pr > > > > > > oces > > > > > > ses- > > > > > > mpd processes-squidguard > > > > > > cpu-3 interface openvpn- > > > > > > rwonecert processes-nmbd processes-sshd > > > > > > cpufreq iptables-filter-NEWNOTSYN openvpn- > > > > > > rwtwocert processes-openvpn sensors-coretemp-isa- > > > > > > 0000 > > > > > > disk-dm-0 iptables-filter- > > > > > > POLICYFWD ping processes- > > > > > > qemu sensors- > > > > > > f71869-isa-0290 > > > > > > disk-dm-1 iptables-filter- > > > > > > POLICYIN processes processes-rtorrent swap > > > > > > disk-dm-2 iptables-filter-POLICYOUT processes- > > > > > > asterisk processes-smbd > > > > > > > > > > > > $ cat /var/ipfire/ovpn/ovpnconfig > > > > > > 1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,, > > > > > > ,,,d > > > > > > ynam > > > > > > ic > > > > > > 2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,, > > > > > > ,,,d > > > > > > ynam > > > > > > ic,,,,,,,,,,, > > > > > > > > > > > > strangely enough if i set the element index to [2] it > > > > > > doesn´t > > > > > > work. > > > > > > Currently not sure why that´s happen. > > > > > > > > > > > > It is better to revert this patch. > > > > > > > > > > > > Best, > > > > > > > > > > > > Erik > > > > > > > > > > > > Am Samstag, den 28.03.2020, 10:45 +0100 schrieb ummeegge: > > > > > > > Hi Peter, > > > > > > > > > > > > > > Am Samstag, den 28.03.2020, 09:25 +0000 schrieb Peter > > > > > > > Müller: > > > > > > > > Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > > > > > > > > > > > > > > > > In my opinion, this fixes #11713. > > > > > > > > > > > > > > Haven´t seen that one, yes i think so. > > > > > > > Have found another one in here --> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224 > > > > > > > which can not be solved in this way. Need to have another > > > > > > > look > > > > > > > into > > > > > > > this. > > > > > > > Will send a separate patch then for "delete all RRDs if > > > > > > > X509 > > > > > > > is > > > > > > > deleted". > > > > > > > > > > > > > > Need a little more time. > > > > > > > > > > > > > > Best, > > > > > > > > > > > > > > Erik > > > > > > > > > > > > > > > > > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > > > > > > > --- > > > > > > > > > html/cgi-bin/ovpnmain.cgi | 2 +- > > > > > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > > > > > > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > > > > > > > bin/ovpnmain.cgi > > > > > > > > > index ce9524df7..00ecd77a0 100644 > > > > > > > > > --- a/html/cgi-bin/ovpnmain.cgi > > > > > > > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > > > > > > > @@ -2513,7 +2513,7 @@ else > > > > > > > > > # CCD end > > > > > > > > > # Update collectd configuration and > > > > > > > > > delete all > > > > > > > > > RRD > > > > > > > > > files of the removed connection > > > > > > > > > &writecollectdconf(); > > > > > > > > > - system ("/usr/local/bin/openvpnctrl > > > > > > > > > -drrd > > > > > > > > > $confighash{$cgiparams{'KEY'}}[1]"); > > > > > > > > > + system ('/usr/local/bin/openvpnctrl', > > > > > > > > > '-drrd', > > > > > > > > > $confighash{$cgiparams{'KEY'}}[1]); > > > > > > > > > > > > > > > > > > delete $confighash{$cgiparams{'KEY'}}; > > > > > > > > > my $temp2 = `/usr/bin/openssl ca > > > > > > > > > -gencrl -out > > > > > > > > > ${General::swroot}/ovpn/crls/cacrl.pem -config > > > > > > > > > ${General::swroot}/ovpn/openssl/ovpn.cnf`; > >
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index ce9524df7..00ecd77a0 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2513,7 +2513,7 @@ else # CCD end # Update collectd configuration and delete all RRD files of the removed connection &writecollectdconf(); - system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); + system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]); delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;