From patchwork Wed Jun 7 14:21:48 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6931
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 1/3] ovpnmain.cgi: Updated fix for Bug#13137
Date: Wed, 7 Jun 2023 16:21:48 +0200
Message-Id: <20230607142150.18407-1-adolf.belka@ipfire.org>

- This now only adds "providers legacy default" to the config files of connections that have legacy certificates, both for n2n and roadwarrior.
- This new approach also removes the requirement to have code in the update.sh script or in backup.pl so those earlier modifications are removed in two additional patches combined with this one in a set.
- The -legacy option has been removed from the pkcs12 creation part of the code as otherwise this creates a certificate in legacy format, which is not wanted. All new connection certificates being created will be based on openssl-3.x

Fixes: Bug#13137
Suggested-by: Michael Tremer
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 html/cgi-bin/ovpnmain.cgi | 70 ++++++++++++++++++++++++++++++---------
 1 file changed, 55 insertions(+), 15 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 88106251e..a210e0509 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -138,6 +138,17 @@ unless (-e "$local_clientconf") { ### ### Useful functions ### +sub iscertlegacy +{ + my $file=$_[0]; + my @certinfo = &General::system_output("/usr/bin/openssl", "pkcs12", "-info", "-nodes", + "-in", "$file.p12", "-noout", "-passin", "pass:''"); + if (index ($certinfo[0], "MAC: sha1") != -1) { + return 0; + } + return 1; +} + sub haveOrangeNet { if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;} 
@@ -1115,7 +1126,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Activate Management Interface and Port\n"; if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"} else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; - print CLIENTCONF "providers legacy default\n"; + if (&iscertlegacy("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}")) { + print CLIENTCONF "providers legacy default\n"; + } close(CLIENTCONF); } @@ -1649,7 +1662,7 @@ END goto ROOTCERT_ERROR; } } else { # child - unless (exec ('/usr/bin/openssl', 'pkcs12', '-legacy', '-cacerts', '-nokeys', + unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys', '-in', $filename, '-out', "$tempdir/cacert.pem")) { $errormessage = "$Lang::tr{'cant start openssl'}: $!"; @@ -1672,7 +1685,7 @@ END goto ROOTCERT_ERROR; } } else { # child - unless (exec ('/usr/bin/openssl', 'pkcs12', '-legacy', '-clcerts', '-nokeys', + unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys', '-in', $filename, '-out', "$tempdir/hostcert.pem")) { $errormessage = "$Lang::tr{'cant start openssl'}: $!"; @@ -1695,7 +1708,7 @@ END goto ROOTCERT_ERROR; } } else { # child - unless (exec ('/usr/bin/openssl', 'pkcs12', '-legacy', '-nocerts', + unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts', '-nodes', '-in', $filename, '-out', "$tempdir/serverkey.pem")) { 
@@ -2157,7 +2170,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"} else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"}; print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; - print CLIENTCONF "providers legacy default\n"; + if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) { + print CLIENTCONF "providers legacy default\n"; + } + close(CLIENTCONF); @@ -2229,10 +2245,18 @@ else # Extract the certificate # This system call is safe, because all arguments are passed as an array. - system('/usr/bin/openssl', 'pkcs12', '-legacy', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", - '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:'); - if ($?) { - die "openssl error: $?"; + if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) { + system('/usr/bin/openssl', 'pkcs12', '-legacy', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", + '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:'); + if ($?) { + die "openssl error: $?"; + } + } else { + system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", + '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:'); + if ($?) { + die "openssl error: $?"; + } } $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die; 
@@ -2240,10 +2264,18 @@ else # Extract the key # This system call is safe, because all arguments are passed as an array. - system('/usr/bin/openssl', 'pkcs12', '-legacy', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", - '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:'); - if ($?) { - die "openssl error: $?"; + if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) { + system('/usr/bin/openssl', 'pkcs12', '-legacy', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", + '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:'); + if ($?) { + die "openssl error: $?"; + } + } else { + system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", + '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:'); + if ($?) { + die "openssl error: $?"; + } } $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die; @@ -2302,6 +2334,11 @@ else # If the server is asking for TOTP this needs to happen interactively print CLIENTCONF "auth-retry interact\r\n"; + # Add provider line if certificate is legacy type + if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) { + print CLIENTCONF "providers legacy default\r\n"; + } + if ($include_certs) { print CLIENTCONF "\r\n"; @@ -3298,7 +3335,10 @@ END print FILE "# Logfile\n"; print FILE "status-version 1\n"; print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n"; - print FILE "providers legacy default\n"; + if (&iscertlegacy("${General::swroot}/ovpn/certs/$cgiparams{'n2nname'}")) { + print CLIENTCONF "providers legacy default\n"; + } + close FILE; unless(move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2")) { 
@@ -4245,7 +4285,7 @@ if ($cgiparams{'TYPE'} eq 'net') { # Create the pkcs12 file # The system call is safe, because all arguments are passed as an array. - system('/usr/bin/openssl', 'pkcs12', '-legacy', '-export', + system('/usr/bin/openssl', 'pkcs12', '-export', '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", '-name', $cgiparams{'NAME'},
From patchwork Wed Jun 7 14:21:49 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6932
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/3] backup.pl: Remove the previous code for adding legacy provider to n2n
Date: Wed, 7 Jun 2023 16:21:49 +0200
Message-Id: <20230607142150.18407-2-adolf.belka@ipfire.org>
In-Reply-To: <20230607142150.18407-1-adolf.belka@ipfire.org>
References: <20230607142150.18407-1-adolf.belka@ipfire.org>

- This code is no longer needed with the code in the ovpnmain.cgi patch in this patch set.

Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 config/backup/backup.pl | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 8d990c0f1..60138a58a 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl 
@@ -190,21 +190,6 @@ restore_backup() { # Update OpenVPN CRL /etc/fcron.daily/openvpn-crl-updater - # Update OpenVPN N2N Client Configs - ## Add providers legacy default line to n2n client config files - # Check if ovpnconfig exists and is not empty - if [ -s /var/ipfire/ovpn/ovpnconfig ]; then - # Identify all n2n connections - for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do - # Add the legacy option to all N2N client conf files if it does not already exist - if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then - if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then - echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf - fi - fi - done - fi - return 0 }
From patchwork Wed Jun 7 14:21:50 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6933
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 3/3] update.sh: Remove code to add providers into n2n configs
Date: Wed, 7 Jun 2023 16:21:50 +0200
Message-Id: <20230607142150.18407-3-adolf.belka@ipfire.org>
In-Reply-To: <20230607142150.18407-1-adolf.belka@ipfire.org>
References: <20230607142150.18407-1-adolf.belka@ipfire.org>

- This code is no longer required with the code changes in the ovpnmain.cgi patch in this patch set.

Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 config/rootfiles/core/175/update.sh | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh index 82676bc72..5e45c819f 100644 --- a/config/rootfiles/core/175/update.sh +++ b/config/rootfiles/core/175/update.sh @@ -177,20 +177,6 @@ if [ -e /boot/pakfire-kernel-update ]; then /boot/pakfire-kernel-update ${KVER} fi -## Add providers legacy default line to n2n client config files -# Check if ovpnconfig exists and is not empty -if [ -s /var/ipfire/ovpn/ovpnconfig ]; then - # Identify all n2n connections - for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do - # Add the legacy option to all N2N client conf files - if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then - if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then - echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf - fi - fi - done -fi - # This update needs a reboot... touch /var/run/need_reboot
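
Review bot: In `iscertlegacy` (PATCH 1/3, ovpnmain.cgi hunk at -138), every outcome other than a first output line containing "MAC: sha1" falls through to `return 1`, so a missing `$file.p12`, an openssl failure or empty output (where `$certinfo[0]` is undefined) is classified as legacy and leads to `providers legacy default` or `-legacy` being used. Suggest checking that `@certinfo` is non-empty and treating the error case separately, and adding a comment that states which MAC value marks which format, since the return sense is not documented. The helper also passes `"-passin", "pass:''"` while the extraction calls later in the file pass `'-passin', 'pass:'`; if `General::system_output` runs the command without a shell, the password given here is the two quote characters rather than an empty string.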
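
Review bot: The three `exec` calls in PATCH 1/3 at -1649, -1672 and -1695 read an uploaded file (`'-in', $filename`), whereas the commit message describes removing `-legacy` from the pkcs12 creation part of the code. Nothing replaces the flag in these hunks, so please confirm that uploading a PKCS#12 file in the legacy format still works, or gate `-legacy` on a check of the uploaded file. Note that `iscertlegacy` as written appends `.p12` to its argument, so it cannot take `$filename` as is.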
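
Review bot: In the certificate and key extraction hunks of PATCH 1/3 (-2229 and -2240), the two branches of each `if` are identical apart from `'-legacy'`, and `iscertlegacy` starts openssl again for the same `.p12` path in each, and once more in the hunk at -2302. Suggest calling it once, keeping the result in a variable, and building a single argument list, for example `my @legacy = $is_legacy ? ('-legacy') : ();` followed by one `system('/usr/bin/openssl', 'pkcs12', @legacy, '-in', ...)` and one `if ($?)` check (the variable names are only illustrative).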
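
Review bot: In the PATCH 1/3 hunk at -3298 the added line prints to `CLIENTCONF`, but the removed line and the surrounding context write to `FILE` (`print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";`, `close FILE;`), so the provider line would not reach the uploaded n2n config. It should read `print FILE "providers legacy default\n";`. The check also keys on `$cgiparams{'n2nname'}` while the line above it uses `$n2nname[0]`; please confirm both name the same connection at this point.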
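
Review bot: With the loop removed from `restore_backup()` in PATCH 2/3, an n2n client `.conf` restored from a backup taken before this change comes back without `providers legacy default`, and the ovpnmain.cgi hunks shown only print that line when a config file is being written. The commit message says the code is no longer needed; please add how a restored n2n client config that uses a legacy certificate gets the line, or why it does not need it.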
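
Review bot: The loop removed from core/175 `update.sh` in PATCH 3/3 was the step that appended `providers legacy default` to n2n client configs already present on the system at update time. The commit message should say what covers those existing files after this change, since `iscertlegacy` is only called from the CGI hunks in PATCH 1/3.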