From patchwork Mon Sep 25 16:41:51 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7248
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 1/6] ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
Date: Mon, 25 Sep 2023 18:41:51 +0200
Message-ID: <20230925164204.3500045-1-adolf.belka@ipfire.org>

- At long last I have re-visited the patch submission for bug #11048 and fixed the issues that caused the problems last time I evaluated it in Testing.
- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the connection is a host and if the first password entry is a null. Then it adds no-pass to ovpnconfig.
- The same block of code is also used for when the connection is edited. However at this stage the password entry is back to null because the password value is only kept until the connection has been saved. Therefore doing an edit results in the password value being taken as null even for connections with a password.
- This fix enters no-pass if the connection type is host and the password is null, pass if the connection type is host and the password has characters. If the connection type is net then no-pass is used as net2net connections do not have encrypted certificates.
- The code has been changed to show a different icon for unencrypted and encrypted certificates.
- Separate patches are provided for the language file change, the provision of a new icon and the code for the update.sh script for the Core Update to update all existing connections, if any exist, to have either pass or no-pass in index 41.
- This patch set was a joint collaboration between Erik Kapfer and Adolf Belka - Patch set, including the code for the Core Update 180 update.sh script has been tested on a vm testbed Fixes: Bug#11048 Tested-by: Adolf Belka Suggested-by: Adolf Belka Suggested-by: Erik Kapfer Signed-off-by: Adolf Belka --- html/cgi-bin/ovpnmain.cgi | 75 +++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 31 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 5afe54f55..eb89c5095 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4370,9 +4370,15 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'}; - if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { - $confighash{$key}[41] = "no-pass"; - } + if ($confighash{$key}[41] eq "") { + if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { + $confighash{$key}[41] = "no-pass"; + } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) { + $confighash{$key}[41] = "pass"; + } elsif ($cgiparams{'TYPE'} eq 'net') { + $confighash{$key}[41] = "no-pass"; + } + } $confighash{$key}[42] = 'HOTP/T30/6'; $confighash{$key}[43] = $cgiparams{'OTP_STATE'}; @@ -5512,20 +5518,24 @@ END } - print <$active + if ($confighash{$key}[41] eq "pass") { + print <$active -
- - - -
+
+ + + + +
END - ; - if ($confighash{$key}[41] eq "no-pass") { + ; } elsif ($confighash{$key}[41] eq "no-pass") { print < + $active + +
@@ -5533,7 +5543,7 @@ END
END - } else { + ; } else { print " "; } @@ -5609,30 +5619,33 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print < - + + - - + + + + + + + + + + + + + + + + - - - - - - - - - - - - -
  $Lang::tr{'legend'}:  $Lang::tr{$Lang::tr{'click to disable'}    ?RELOAD$Lang::tr{'dl client arch insecure'}    ?RELOAD$Lang::tr{'dl client arch'}     $Lang::tr{ $Lang::tr{'show certificate'}    $Lang::tr{$Lang::tr{'show otp qrcode'}
      ?FLOPPY$Lang::tr{'download certificate'}  ?OFF$Lang::tr{'click to enable'}  $Lang::tr{$Lang::tr{'click to disable'}    $Lang::tr{ $Lang::tr{'edit'}     $Lang::tr{ $Lang::tr{'remove'}
    ?OFF$Lang::tr{'click to enable'}    ?FLOPPY$Lang::tr{'download certificate'}    ?RELOAD$Lang::tr{'dl client arch'}    $Lang::tr{$Lang::tr{'show otp qrcode'}

+ +
END ; }
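Review bot: In the @@ -4370 hunk of [PATCH 1/6], the new outer guard `if ($confighash{$key}[41] eq "")` means a record that was saved before this change with an empty index 41 is classified from CERT_PASS1 on its next edit, and the commit message states that CERT_PASS1 is empty again at edit time, so such a record is written as no-pass even when its certificate has a password. The result is only correct if the update.sh migration from patch 6/6 has already filled index 41; please state that dependency in a comment next to the guard. The three inner branches also reduce to one rule (pass only for TYPE host with a non-empty CERT_PASS1, otherwise no-pass), which would be easier to read as a single if/else.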
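Review bot: In the @@ -5512 hunk of [PATCH 1/6], $active is now printed only inside the `eq "pass"` and `eq "no-pass"` branches, where the removed `print` emitted it unconditionally; as far as the visible lines show, a record whose index 41 holds neither value reaches the final `else` and gets only the blank cell, so it would lose both its status cell and its download icon. Either keep the $active output outside the conditional and branch only on the icon, or make the `else` branch fall back to one of the two download forms, and say in a comment which value is expected for records that have not been migrated.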
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/6] de.pl: Change language text for secure icon wording
Date: Mon, 25 Sep 2023 18:41:52 +0200
Message-ID: <20230925164204.3500045-2-adolf.belka@ipfire.org>
In-Reply-To: <20230925164204.3500045-1-adolf.belka@ipfire.org>
References: <20230925164204.3500045-1-adolf.belka@ipfire.org>

Signed-off-by: Adolf Belka
---
 langs/de/cgi-bin/de.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 0c2f1af53..140806130 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl
@@ -818,7 +818,7 @@ 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen', 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen', 'display webinterface effects' => 'Überblendeffekte einschalten', -'dl client arch' => 'Client Paket herunterladen (zip)', +'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)', 'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches',
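Review bot: The new 'dl client arch' string in this de.pl hunk writes "Client Paket" while the 'dl client arch insecure' context line directly below writes "Client-Paket"; since the line is being changed anyway, use the hyphenated form so the two tooltips that now appear side by side in the legend match.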
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 3/6] en.pl: Change language text for secure icon wording
Date: Mon, 25 Sep 2023 18:41:53 +0200
Message-ID: <20230925164204.3500045-3-adolf.belka@ipfire.org>
In-Reply-To: <20230925164204.3500045-1-adolf.belka@ipfire.org>
References: <20230925164204.3500045-1-adolf.belka@ipfire.org>

Signed-off-by: Adolf Belka
---
 langs/en/cgi-bin/en.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 90d6f7739..7bbf7cd32 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl
@@ -859,7 +859,7 @@ 'display hostname in window title' => 'Display hostname in window title', 'display traffic at home' => 'Display calculated traffic on startpage', 'display webinterface effects' => 'Activate effects', -'dl client arch' => 'Download Client Package (zip)', +'dl client arch' => 'Download Encrypted Client Package (zip)', 'dl client arch insecure' => 'Download insecure Client Package (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'DMZ pinhole configuration',
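Review bot: The changed 'dl client arch' line in this en.pl hunk capitalises "Encrypted" while the 'dl client arch insecure' context line below keeps lowercase "insecure"; pick one casing for both so the two legend entries read as a pair.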
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 4/6] nl.pl: Change language text for secure icon wording
Date: Mon, 25 Sep 2023 18:41:54 +0200
Message-ID: <20230925164204.3500045-4-adolf.belka@ipfire.org>
In-Reply-To: <20230925164204.3500045-1-adolf.belka@ipfire.org>
References: <20230925164204.3500045-1-adolf.belka@ipfire.org>

Signed-off-by: Adolf Belka
---
 langs/nl/cgi-bin/nl.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index 4da924a74..898d42d28 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl
@@ -731,7 +731,8 @@ 'display hostname in window title' => 'Toon hostnaam in venstertitel', 'display traffic at home' => 'Toon netwerkverkeer op startpagina', 'display webinterface effects' => 'Activeer effecten', -'dl client arch' => 'Download clientpakket (zip)', +'dl client arch' => 'Download versleuteld clientpakket (zip)', +'dl client arch insecure' => 'Download onveilig clientpakket (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'DMZ pinhole configuratie', 'dmz pinhole rule added' => 'DMZ pinhole regel toegevoegd; DMZ regel wordt herstart.',
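Review bot: The `+'dl client arch insecure'` line in this nl.pl hunk adds a key rather than rewording one, and the commit message ("Change language text for secure icon wording") does not mention it; please say in the message that the key is being added for nl and confirm it is not already defined elsewhere in nl.pl, since a second definition of the same key would silently override the first.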
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 5/6] web-user-interface: Addition of new icon for secure connection certificate download
Date: Mon, 25 Sep 2023 18:41:55 +0200
Message-ID: <20230925164204.3500045-5-adolf.belka@ipfire.org>
In-Reply-To: <20230925164204.3500045-1-adolf.belka@ipfire.org>
References: <20230925164204.3500045-1-adolf.belka@ipfire.org>

- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
  This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the padlock icon on top of it as a 12x12 pixel format and naming it openvpn_encrypted.png

Signed-off-by: Adolf Belka
---
 config/rootfiles/common/web-user-interface | 1 +
 html/html/images/openvpn_encrypted.png | Bin 0 -> 7004 bytes
 2 files changed, 1 insertion(+)
 create mode 100644 html/html/images/openvpn_encrypted.png

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 52f879d35..6c2a40cc2 100644
--- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -235,6 +235,7 @@ srv/web/ipfire/html/images/off.gif srv/web/ipfire/html/images/on.gif srv/web/ipfire/html/images/openvpn.gif srv/web/ipfire/html/images/openvpn.png +srv/web/ipfire/html/images/openvpn_encrypted.png srv/web/ipfire/html/images/package-x-generic.png srv/web/ipfire/html/images/printer-error.png srv/web/ipfire/html/images/printer.png 
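Review bot: The added `srv/web/ipfire/html/images/openvpn_encrypted.png` entry ships an image derived from an LGPL-licensed padlock, but its source URL and license are recorded only in the commit message; the diffstat shows just the rootfile and the PNG being touched. Consider recording the origin and license of the padlock wherever the tree keeps third-party credits, so the attribution travels with the file and not only with the git history.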
diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png new file mode 100644 index 0000000000000000000000000000000000000000..873c6c46113df0b973022c9c0f3a01cba19c0fbd GIT binary patch literal 7004
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 6/6] update.sh: Adds code to update an existing ovpnconfig with pass or no-pass
Date: Mon, 25 Sep 2023 18:41:56 +0200
Message-ID: <20230925164204.3500045-6-adolf.belka@ipfire.org>
In-Reply-To: <20230925164204.3500045-1-adolf.belka@ipfire.org>
References: <20230925164204.3500045-1-adolf.belka@ipfire.org>

- The code checks first if ovpnconfig exists and is not empty.
- Then it makes all net2net connections no-pass since they do not use encryption
- Then it cycles through all .p12 files and checks with openssl if a password exists or not.
  If a password is present then pass is added to index 41 and if not then no-pass is added
  to index 41
- I had to add a blank line to the top of the ovpnconfig file otherwise the awk code
  treated the first line as a blank line and missed it out of the update. This was the
  problem that was discovered during the previous Testing Release evaluation. Tested out
  this time with several existing entries both encrypted and insecure and with additional
  entries of both added in afterwards and all connection entries were maintained - road
  warrior and net2net.
- This code should be left in update.sh for future Core Updates in case people don't update
  with Core Update 175 but leave it till later. This code works fine on code that already
  has pass or no-pass entered into index 41 in ovpnconfig

Fixes: Bug#11048
Suggested-by: Erik Kapfer
Suggested-by: Adolf Belka
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 config/rootfiles/core/180/update.sh | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/config/rootfiles/core/180/update.sh b/config/rootfiles/core/180/update.sh index b538832bf..1f74e2f98 100644 --- a/config/rootfiles/core/180/update.sh +++ b/config/rootfiles/core/180/update.sh 
@@ -65,6 +65,33 @@ fi /etc/rc.d/init.d/udev restart /etc/rc.d/init.d/suricata restart +## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index +# Check if ovpnconfig exists and is not empty +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update + awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig + + # Make all N2N connections 'no-pass' since they do not use encryption + awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + # Evaluate roadwarrior connection names for *.p12 files + for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do + # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index + if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then + awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + fi + # Sort all encrypted roadwarriors out and set 'pass' in [43] index + if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error') ]]; then + awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + fi + done +fi + +# Replace existing ovpnconfig with updated index +mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig +# Set correct ownership +chown nobody:nobody /var/ipfire/ovpn/ovpnconfig + # This update needs a reboot... #touch /var/run/need_reboot
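Review bot: in the roadwarrior loop an entry is appended to ovpnconfig.new only when the openssl output contains 'Encrypted data' or 'verify error', so a connection whose .p12 is missing, or whose openssl call fails with any other message, matches neither test and disappears from the configuration when `mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig` runs. Add a fallback branch that writes such a line through unchanged (and logs it) so that no entry can be lost. That `mv` and the `chown` also sit after the closing `fi`, so they run even when ovpnconfig is absent or empty and no ovpnconfig.new was created; move them inside the `if [ -s ... ]` block. Two smaller points: ovpnconfig.new is only ever appended to with `>>`, so a leftover file from an interrupted earlier run would be merged into the result (remove or truncate it before the first awk call), and `/host/` matches the string anywhere in the line while the N2N branch tests `$5=="net"`, so selecting with `$5=="host"` would avoid picking up a net2net entry whose name or remark contains "host". The commit message speaks of index 41 while the comments say "[43] index" and the code sets `$43`; a comment stating how the two relate would help the next reader.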