[2/2] update.sh: Fixes Bug#13137 - Existing n2n client connection created with openssl-1.1.1x fails to start with openssl-3.x

Message ID 20230604185709.8088-2-adolf.belka@ipfire.org
State Accepted
Commit 2054306c632046c052e67eee1220abef42c34b5d
Series [1/2] ovpnmain.cgi: Fixes Bug#13137 - Existing n2n client connection created with openssl-1.1.1x fails to start with openssl-3.x

Commit Message

Adolf Belka June 4, 2023, 6:57 p.m. UTC
  - This modification will check if ovpnconfig exists and is not empty. If so then it will
   check for all n2n connections and if they are Client configs will check if
   "providers legacy default" is not already present and if so will add it.

Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/175/update.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
  

Comments

Michael Tremer June 5, 2023, 10:32 a.m. UTC | #1
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

We need to consider that people might overwrite this when they restore an older backup.

So I am not sure whether we want those lines added to the backup scripts as well.

-Michael

> On 4 Jun 2023, at 19:57, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - This modification will check if ovpnconfig exists and is not empty. If so then it will
>   check for all n2n connections and if they are Client configs will check if
>   "providers legacy default" is not already present and if so will add it.
> 
> Fixes: Bug#13137
> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/core/175/update.sh | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
> 
> diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh
> index 5e45c819f..82676bc72 100644
> --- a/config/rootfiles/core/175/update.sh
> +++ b/config/rootfiles/core/175/update.sh
> @@ -177,6 +177,20 @@ if [ -e /boot/pakfire-kernel-update ]; then
>     /boot/pakfire-kernel-update ${KVER}
> fi
> 
> +## Add providers legacy default line to n2n client config files
> +# Check if ovpnconfig exists and is not empty
> +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
> +       # Identify all n2n connections
> +       for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
> +           # Add the legacy option to all N2N client conf files
> + if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then
> + if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then
> + echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf
> + fi
> + fi
> +       done
> +fi
> +
> # This update needs a reboot...
> touch /var/run/need_reboot
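
Review bot: the two `if [ $(grep -c ...) -eq N ]` tests in the loop body use unquoted command substitutions on a path that is never checked for existence. When `/var/ipfire/ovpn/n2nconf/${y}/${y}.conf` is missing for a name listed in ovpnconfig, grep writes nothing to stdout and the test collapses to `[ -eq 1 ]`, which fails with an operator error for each such entry during the update. The `-eq 1` comparison also skips a file in which the "Open VPN Client Config" marker appears more than once. Suggest assigning the quoted path to a variable, guarding with `[ -f "${conf}" ]`, and using `grep -q` directly as the `if` condition so the test is about presence rather than an exact count.
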
> 
> -- 
> 2.40.1
>
  
Adolf Belka June 5, 2023, noon UTC | #2
Hi Michael,

On 05/06/2023 12:32, Michael Tremer wrote:
> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
> 
> We need to consider that people might overwrite this when they restore an older backup.
> 
> So I am not sure whether we want those lines added to the backup scripts as well.

That is a good idea. I have created a patch to do that, tested it out and it worked. It only adds the line if it doesn't already exist. The patch has been submitted.

Regards,
Adolf.
> 
> -Michael
> 
>> On 4 Jun 2023, at 19:57, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>
>> - This modification will check if ovpnconfig exists and is not empty. If so then it will
>>    check for all n2n connections and if they are Client configs will check if
>>    "providers legacy default" is not already present and if so will add it.
>>
>> Fixes: Bug#13137
>> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
>> ---
>> config/rootfiles/core/175/update.sh | 14 ++++++++++++++
>> 1 file changed, 14 insertions(+)
>>
>> diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh
>> index 5e45c819f..82676bc72 100644
>> --- a/config/rootfiles/core/175/update.sh
>> +++ b/config/rootfiles/core/175/update.sh
>> @@ -177,6 +177,20 @@ if [ -e /boot/pakfire-kernel-update ]; then
>>      /boot/pakfire-kernel-update ${KVER}
>> fi
>>
>> +## Add providers legacy default line to n2n client config files
>> +# Check if ovpnconfig exists and is not empty
>> +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
>> +       # Identify all n2n connections
>> +       for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
>> +           # Add the legacy option to all N2N client conf files
>> + if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then
>> + if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then
>> + echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf
>> + fi
>> + fi
>> +       done
>> +fi
>> +
>> # This update needs a reboot...
>> touch /var/run/need_reboot
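
Review bot: the append in `echo "providers legacy default" >> ...` assumes the existing .conf ends with a newline; if the last line is unterminated, the option is glued onto that line and the last directive in the file is changed rather than a new one added. The presence test before it, `grep -c "providers legacy default"`, matches the string anywhere on a line, so a commented-out occurrence counts as already present and the file is left without the option. Suggest anchoring the match to the start of the line and making sure the file ends with a newline before appending.
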
>>
>> -- 
>> 2.40.1
>>
>
  

Patch

diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh
index 5e45c819f..82676bc72 100644
--- a/config/rootfiles/core/175/update.sh
+++ b/config/rootfiles/core/175/update.sh
@@ -177,6 +177,20 @@  if [ -e /boot/pakfire-kernel-update ]; then
     /boot/pakfire-kernel-update ${KVER}
 fi
 
+## Add providers legacy default line to n2n client config files
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+       # Identify all n2n connections
+       for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+           # Add the legacy option to all N2N client conf files
+		if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then
+			if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then
+				echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf
+			fi
+		fi
+       done
+fi
+
 # This update needs a reboot...
 touch /var/run/need_reboot
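
Review bot: the awk selector `/net/` in the `for y in $(awk -F',' ...)` line matches "net" anywhere in the record, not only in the field that holds the connection type, so any ovpnconfig entry with "net" in some other field is treated as an n2n connection and its third field is used to build a file path. Suggest comparing the specific type field for equality instead of pattern-matching the whole line. Because the awk output is word-split by the `for` loop and `${y}` is unquoted in the paths, reading the names with `while IFS= read -r` and quoting the expansions would make the loop robust to unexpected values. As a style point, the added block mixes space indentation (the `# Identify`, `for` and `done` lines) with tab indentation (the nested `if` lines); use one consistently.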