| Message ID | 20200324102905.27038-1-ummeegge@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 6ad43b0f218faa004986fca0c79e1446697c7b27 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48mnYJ290pz3yBk for <patchwork@web04.haj.ipfire.org>; Tue, 24 Mar 2020 10:29:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48mnYG6nWyzjK; Tue, 24 Mar 2020 10:29:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48mnYG5Q6zz2xxj; Tue, 24 Mar 2020 10:29:22 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48mnYF3qpZz2xcW for <development@lists.ipfire.org>; Tue, 24 Mar 2020 10:29:21 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48mnYD5SzrzjK; Tue, 24 Mar 2020 10:29:20 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1585045760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=6CVnVWEAdZUUrwS1rX+4uaR1IZvye2fxv4b5WYT+/1I=; b=F4BmSJe82klfyMO6VqeaDht0xv1k+k7IAT+Pv3C7oC8/4R6zgOgA4WxQFiQRnkz0aeTEDs XT2NVzqBCErvpnAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1585045760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=6CVnVWEAdZUUrwS1rX+4uaR1IZvye2fxv4b5WYT+/1I=; b=Hp/YaocIGULTMOrw5rFsU8Yau4oUGHHABidLY0AonnjZ4qeVc13VNbRBeFhlAcLnl6u4y9 yv34+QN87TqqOWlsMyN00leneZtQ0Row3o3B2USGId3lvV8OUZ036PWdS9wfaKi/w9xnYV BekADiWkRFp00oBefYKs+z5EzAEnXmnspdfxvXqJWY2Pb+GpApJxlASESrWTu+NkxKs2is PZ4DYJGoWmiIlmfrdToPJrEWY56CZHCrSp4zURlugcVIaKFNpuJd1cic5P78lg2NW/gMs6 wlJYOPrQiNyy6jWKEUYpQFbzJnitPbPh7VomRi8twWij6gclYBy9a8iRa462ig== From: Erik Kapfer <ummeegge@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] OpenVPN: Stop N2N connection before remove. Date: Tue, 24 Mar 2020 11:29:05 +0100 Message-Id: <20200324102905.27038-1-ummeegge@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=ummeegge@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
OpenVPN: Stop N2N connection before remove.
|
|
Commit Message
ummeegge
March 24, 2020, 10:29 a.m. UTC
Fix #12334
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hello, Brilliant fix. Thanks for looking into this so quickly. Did you check if we have any other issues like this? Best, -Michael Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > On 24 Mar 2020, at 10:29, Erik Kapfer <ummeegge@ipfire.org> wrote: > > Fix #12334 > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > --- > html/cgi-bin/ovpnmain.cgi | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index e76a688fe..a6fdd6d75 100644 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -2464,7 +2464,7 @@ else > > if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { > # Stop the N2N connection before it is removed > - system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); > + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); > > my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); > my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); > -- > 2.12.2 >
Hi Michael, Am Dienstag, den 24.03.2020, 11:31 +0000 schrieb Michael Tremer: > Hello, > > Brilliant fix. Thanks for looking into this so quickly. your welcome. > > Did you check if we have any other issues like this? Not similar to that one as far as i can see. This one --> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;hb=91457877199d3ac8438efc7be4cd6a50e48e37e4#l1221 comes closer but it works. Should i nevertheless ? Best, Erik > > Best, > -Michael > > Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > > > On 24 Mar 2020, at 10:29, Erik Kapfer <ummeegge@ipfire.org> wrote: > > > > Fix #12334 > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > --- > > html/cgi-bin/ovpnmain.cgi | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > > index e76a688fe..a6fdd6d75 100644 > > --- a/html/cgi-bin/ovpnmain.cgi > > +++ b/html/cgi-bin/ovpnmain.cgi > > @@ -2464,7 +2464,7 @@ else > > > > if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { > > # Stop the N2N connection before it is removed > > - system("/usr/local/bin/openvpnctrl -kn2n > > $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); > > + system('/usr/local/bin/openvpnctrl', '-kn2n', > > $confighash{$cgiparams{'KEY'}}[1]); > > > > my $conffile = > > glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'} > > }[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); > > my $certfile = > > glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[ > > 1].p12"); > > -- > > 2.12.2 > > > >
Yes, please. If we spot a bug, we should of course fix it :) > On 24 Mar 2020, at 12:31, ummeegge <ummeegge@ipfire.org> wrote: > > Hi Michael, > > Am Dienstag, den 24.03.2020, 11:31 +0000 schrieb Michael Tremer: >> Hello, >> >> Brilliant fix. Thanks for looking into this so quickly. > your welcome. > >> >> Did you check if we have any other issues like this? > Not similar to that one as far as i can see. > This one --> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;hb=91457877199d3ac8438efc7be4cd6a50e48e37e4#l1221 > comes closer but it works. > Should i nevertheless ? > > Best, > > Erik > >> >> Best, >> -Michael >> >> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> >> >>> On 24 Mar 2020, at 10:29, Erik Kapfer <ummeegge@ipfire.org> wrote: >>> >>> Fix #12334 >>> >>> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >>> --- >>> html/cgi-bin/ovpnmain.cgi | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi >>> index e76a688fe..a6fdd6d75 100644 >>> --- a/html/cgi-bin/ovpnmain.cgi >>> +++ b/html/cgi-bin/ovpnmain.cgi >>> @@ -2464,7 +2464,7 @@ else >>> >>> if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { >>> # Stop the N2N connection before it is removed >>> - system("/usr/local/bin/openvpnctrl -kn2n >>> $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); >>> + system('/usr/local/bin/openvpnctrl', '-kn2n', >>> $confighash{$cgiparams{'KEY'}}[1]); >>> >>> my $conffile = >>> glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'} >>> }[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); >>> my $certfile = >>> glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[ >>> 1].p12"); >>> -- >>> 2.12.2 >>> >> >> >
Am Dienstag, den 24.03.2020, 14:42 +0000 schrieb Michael Tremer: > Yes, please. If we spot a bug, we should of course fix it :) OK, will send another patch for this. May at the evening. Best, Erik > > > On 24 Mar 2020, at 12:31, ummeegge <ummeegge@ipfire.org> wrote: > > > > Hi Michael, > > > > Am Dienstag, den 24.03.2020, 11:31 +0000 schrieb Michael Tremer: > > > Hello, > > > > > > Brilliant fix. Thanks for looking into this so quickly. > > > > your welcome. > > > > > > > > Did you check if we have any other issues like this? > > > > Not similar to that one as far as i can see. > > This one --> > > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;hb=91457877199d3ac8438efc7be4cd6a50e48e37e4#l1221 > > comes closer but it works. > > Should i nevertheless ? > > > > Best, > > > > Erik > > > > > > > > Best, > > > -Michael > > > > > > Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > > > > > > > On 24 Mar 2020, at 10:29, Erik Kapfer <ummeegge@ipfire.org> > > > > wrote: > > > > > > > > Fix #12334 > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > > --- > > > > html/cgi-bin/ovpnmain.cgi | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > > bin/ovpnmain.cgi > > > > index e76a688fe..a6fdd6d75 100644 > > > > --- a/html/cgi-bin/ovpnmain.cgi > > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > > @@ -2464,7 +2464,7 @@ else > > > > > > > > if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') > > > > { > > > > # Stop the N2N connection before it is > > > > removed > > > > - system("/usr/local/bin/openvpnctrl > > > > -kn2n > > > > $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); > > > > + system('/usr/local/bin/openvpnctrl', '- > > > > kn2n', > > > > $confighash{$cgiparams{'KEY'}}[1]); > > > > > > > > my $conffile = > > > > glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'K > > > > EY'} > > > > }[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); > > > > my $certfile = > > > > glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY > > > > '}}[ > > > > 1].p12"); > > > > -- > > > > 2.12.2 > > > > > > > > > > > >
Have had a double look into this one specific and it should be left as it is since it works and the other solution will breaks it. But have found some more. Need a little more time. Best, Erik Am Mittwoch, den 25.03.2020, 13:09 +0100 schrieb ummeegge: > Am Dienstag, den 24.03.2020, 14:42 +0000 schrieb Michael Tremer: > > Yes, please. If we spot a bug, we should of course fix it :) > > OK, will send another patch for this. May at the evening. > > Best, > > Erik > > > > > > On 24 Mar 2020, at 12:31, ummeegge <ummeegge@ipfire.org> wrote: > > > > > > Hi Michael, > > > > > > Am Dienstag, den 24.03.2020, 11:31 +0000 schrieb Michael Tremer: > > > > Hello, > > > > > > > > Brilliant fix. Thanks for looking into this so quickly. > > > > > > your welcome. > > > > > > > > > > > Did you check if we have any other issues like this? > > > > > > Not similar to that one as far as i can see. > > > This one --> > > > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;hb=91457877199d3ac8438efc7be4cd6a50e48e37e4#l1221 > > > comes closer but it works. > > > Should i nevertheless ? > > > > > > Best, > > > > > > Erik > > > > > > > > > > > Best, > > > > -Michael > > > > > > > > Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > > > > > > > > > On 24 Mar 2020, at 10:29, Erik Kapfer <ummeegge@ipfire.org> > > > > > wrote: > > > > > > > > > > Fix #12334 > > > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > > > --- > > > > > html/cgi-bin/ovpnmain.cgi | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > > > bin/ovpnmain.cgi > > > > > index e76a688fe..a6fdd6d75 100644 > > > > > --- a/html/cgi-bin/ovpnmain.cgi > > > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > > > @@ -2464,7 +2464,7 @@ else > > > > > > > > > > if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') > > > > > { > > > > > # Stop the N2N connection before it is > > > > > removed > > > > > - system("/usr/local/bin/openvpnctrl > > > > > -kn2n > > > > > $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); > > > > > + system('/usr/local/bin/openvpnctrl', '- > > > > > kn2n', > > > > > $confighash{$cgiparams{'KEY'}}[1]); > > > > > > > > > > my $conffile = > > > > > glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{ > > > > > 'K > > > > > EY'} > > > > > }[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); > > > > > my $certfile = > > > > > glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'K > > > > > EY > > > > > '}}[ > > > > > 1].p12"); > > > > > -- > > > > > 2.12.2 > > > > > > > > > > > > > > > > > > >
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index e76a688fe..a6fdd6d75 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2464,7 +2464,7 @@ else if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { # Stop the N2N connection before it is removed - system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");