From patchwork Thu Mar 21 12:24:51 2024
X-Patchwork-Submitter: Erik Kapfer
X-Patchwork-Id: 7650
From: Erik Kapfer
To: development@lists.ipfire.org
Subject: [PATCH 4/4] update.sh: Add and change new directives for OpenVPN 2.6.x.
Date: Thu, 21 Mar 2024 13:24:51 +0100
Message-ID: <20240321122511.3287692-4-erik.kapfer@ipfire.org>
In-Reply-To: <20240321122511.3287692-1-erik.kapfer@ipfire.org>
References: <20240321122511.3287692-1-erik.kapfer@ipfire.org>
List-Id: IPFire development talk

This process should possibly be continued with some of the following updates to make sure the directives are included even if the update with these changes has been skipped?! Otherwise, the "Advanced server options" page needs to be saved via WUI to bring OpenVPN to life.

Signed-off-by: Erik Kapfer
--- config/rootfiles/core/185/update.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index 2c95c4102..247661481 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh 
@@ -35,6 +35,17 @@ done /etc/init.d/ntp stop /etc/init.d/squid stop +# OpenVPN add and change new 2.6.x directives for NCP. +if pgrep openvpn > /dev/null; then + /usr/local/bin/openvpnctrl -k > /dev/null + sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES-256-GCM/' /var/ipfire/ovpn/server.conf + sed -i 's/^cipher/data-ciphers-fallback/' /var/ipfire/ovpn/server.conf + /usr/local/bin/openvpnctrl -s > /dev/null +else + sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES-256-GCM/' /var/ipfire/ovpn/server.conf + sed -i 's/^cipher/data-ciphers-fallback/' /var/ipfire/ovpn/server.conf +fi + # Extract files extract_files
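Review bot: Both sed calls only substitute, so on a server.conf that has no line starting with "ncp-disable" no "data-ciphers" directive is written at all, which does not match the stated goal of making sure the directives are included; consider appending "data-ciphers ChaCha20-Poly1305:AES-256-GCM" when neither "ncp-disable" nor "data-ciphers" is present. There is also no check that /var/ipfire/ovpn/server.conf exists before sed -i runs, so on a system where that file is absent both sed calls fail; a guard such as "[ -f /var/ipfire/ovpn/server.conf ]" around the block would avoid that. The two sed lines are identical in the if and the else branch, so they can be written once, with only the "openvpnctrl -k" and "openvpnctrl -s" calls kept conditional on pgrep. Note as well that 's/^cipher/data-ciphers-fallback/' keeps whatever argument the old "cipher" line carried, so a previously configured weak cipher stays available as the fallback; a comment saying this is intended for older clients would help the next reader.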