From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: [PATCH 4/4] update.sh: Add and change new directives for OpenVPN 2.6.x . Date: Thu, 21 Mar 2024 16:50:08 +0100 Message-ID: <07bcca9bed7c37fe70f7426dea3b3ad43da73088.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2208226650735090784==" List-Id: --===============2208226650735090784== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Great idea Michael. Am Donnerstag, dem 21.03.2024 um 15:14 +0000 schrieb Michael Tremer: > Hello Erik, > > Thank you for the patchiest, but I have been working this week on > implementing this. > > You can find more details about this here: > >   https://www.ipfire.org/docs/roadmap/openvpn-26 > > I asked Adolf to post the patches that he had and which include parts > of your previous work to finally get this over the line. Various > people have been working on the OpenVPN code over the years creating > an absolute mess. The CGI file is by far the longest we have and very > difficult to edit without breaking anything else. So I have started a > large refactor (not rewrite) to get it into some state where we can > work on things better. > > That will be needed to implement the things outlined on the roadmap > page. NCP is only one of them. > > On that page, you can find my current development branch linked which > includes many changes so far, but it is not done, yet. > > -Michael > > > On 21 Mar 2024, at 12:29, ummeegge wrote: > > > > Hi all, > > this is a minimal solution of an update to OpenVPN 2.6.x IMO . This > > patch series should be a help for mainly Adolf (might be great if > > you > > go for a checkout) but please give it all a try and test it if it > > reaches the goal. > > > > Best, > > > > Erik > > > > Am Donnerstag, dem 21.03.2024 um 13:24 +0100 schrieb Erik Kapfer: > > > This process may should be continued with some of the following > > > updates to make sure the directives are > > > included even the update with this changes has over jumped ?! > > > otherwise, the "Advanced server options" page > > > needs to be saved via WUI to bring OpenVPN to life. > > > > > > Signed-off-by: Erik Kapfer > > > --- > > >  config/rootfiles/core/185/update.sh | 11 +++++++++++ > > >  1 file changed, 11 insertions(+) > > > > > > diff --git a/config/rootfiles/core/185/update.sh > > > b/config/rootfiles/core/185/update.sh > > > index 2c95c4102..247661481 100644 > > > --- a/config/rootfiles/core/185/update.sh > > > +++ b/config/rootfiles/core/185/update.sh > > > @@ -35,6 +35,17 @@ done > > >  /etc/init.d/ntp stop > > >  /etc/init.d/squid stop > > >   > > > +# OpenVPN add and change new 2.6.x directives for NCP. > > > +if pgrep openvpn > /dev/null; then > > > + /usr/local/bin/openvpnctrl -k > /dev/null > > > + sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES- > > > 256-GCM/' /var/ipfire/ovpn/server.conf > > > + sed -i 's/^cipher/data-ciphers-fallback/' > > > /var/ipfire/ovpn/server.conf > > > + /usr/local/bin/openvpnctrl -s > /dev/null > > > +else > > > + sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES- > > > 256-GCM/' /var/ipfire/ovpn/server.conf > > > + sed -i 's/^cipher/data-ciphers-fallback/' > > > /var/ipfire/ovpn/server.conf > > > +fi > > > + > > >  # Extract files > > >  extract_files > > >   > > > --===============2208226650735090784==--