From patchwork Sun Jun 4 18:57:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6926 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4QZ5Zr3k21z3wmM for ; Sun, 4 Jun 2023 18:57:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4QZ5Zn6R4wz1TK; Sun, 4 Jun 2023 18:57:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4QZ5Zn1L5qz30JP; Sun, 4 Jun 2023 18:57:21 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4QZ5Zl5yd6z2xn3 for ; Sun, 4 Jun 2023 18:57:19 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4QZ5Zl2h9Jz18B; Sun, 4 Jun 2023 18:57:19 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1685905039; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nHekpVOx5pagWZ73vV+GIhxwFB//8lsZVILS+IWkQqo=; b=Z9hDRodN0epsGW9EGzKFMkmEaHmLEhQIxzRsC4YE608NOlG0rj19fwFoCRBGqo1E97O1st zZu5EXKRzHzVtGCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1685905039; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nHekpVOx5pagWZ73vV+GIhxwFB//8lsZVILS+IWkQqo=; b=JjRIS+E4E0VyB2Lmbrt3smtf5t99AN1oygs1Py9JAhg2KG1PCL+RDp9z9w6iINiyHmfj+Z X+BfPMDjA5FRhWqncKCuEl6TpomwgJv4pWz44jl+jqXsXvsBpttmc3fpP8bm4wVhHrrNwj lMs96TnrHqi66qMa7bIfJizk+vydYBWPqoDXX+8innRukXAxAzhWKD02AUMjKgFbSs6K3r luC+SZfiyNHJFqXX3QXU5G7mu1BQMLanTh73cJ0OW5BlaJBhXGJMWh7WO8fLbD67eG0z/C Np/3DuDLdIJi8ZP2Dw/EfF/v56ETh/D+kM68rHNVJNfbEpTpSWxAyWXtB/A8TQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 2/2] update.sh: Fixes Bug#13137 - Existing n2n client connection created with openssl-1.1.1x fails to start with openssl-3.x Date: Sun, 4 Jun 2023 20:57:09 +0200 Message-Id: <20230604185709.8088-2-adolf.belka@ipfire.org> In-Reply-To: <20230604185709.8088-1-adolf.belka@ipfire.org> References: <20230604185709.8088-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - This modification will check if ovpnconfig exists and is not empty. If so then it will check for all n2n connections and if they are Client configs will check if "providers legacy default" is not already present and if so will add it. Fixes: Bug#13137 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer --- config/rootfiles/core/175/update.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh index 5e45c819f..82676bc72 100644 --- a/config/rootfiles/core/175/update.sh +++ b/config/rootfiles/core/175/update.sh @@ -177,6 +177,20 @@ if [ -e /boot/pakfire-kernel-update ]; then /boot/pakfire-kernel-update ${KVER} fi +## Add providers legacy default line to n2n client config files +# Check if ovpnconfig exists and is not empty +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Identify all n2n connections + for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do + # Add the legacy option to all N2N client conf files + if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then + if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then + echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf + fi + fi + done +fi + # This update needs a reboot... touch /var/run/need_reboot