From mboxrd@z Thu Jan  1 00:00:00 1970
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Added needed directive for v2.4 update
Date: Thu, 15 Feb 2018 11:56:51 +0100
Message-ID: <1518692211.3160.3.camel@ipfire.org>
In-Reply-To: <1518691249.15001.27.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8651233720707469085=="
List-Id: <development.lists.ipfire.org>

--===============8651233720707469085==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,


Am Donnerstag, den 15.02.2018, 10:40 +0000 schrieb Michael Tremer:
> Hi,
>=20
> this looks good. I will merge this soon.
>=20
> How do we convert existing configuration files?

i would do it like this:

#!/bin/bash

# Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew =
CRL while update an core update
if [ -e /var/ipfire/ovpn/server.conf ]; then
	if pgrep openvpn >/dev/null; then
		openvpnctrl -k
		sed -i -e 's/script-security 3 system/script-security 3/' -e '/status .*/ a=
 ncp-disable' /var/ipfire/ovpn/server.conf
		openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem -cert /var/ipfire=
/ovpn/ca/cacert.pem -out /var/ipfire/ovpn/crls/cacrl.pem -config /var/ipfire/=
ovpn/openssl/ovpn.cnf
		openvpnctrl -s
	else
		sed -i -e 's/script-security 3 system/script-security 3/' -e '/status .*/ a=
 ncp-disable' /var/ipfire/ovpn/server.conf
		openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem -cert /var/ipfire=
/ovpn/ca/cacert.pem -out /var/ipfire/ovpn/crls/cacrl.pem -config /var/ipfire/=
ovpn/openssl/ovpn.cnf
=C2=A0=C2=A0=C2=A0     fi
fi

# EOF


which includes also an update of the CRL to stay save also in that
manner


Best,

Erik

--===============8651233720707469085==--