From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] OpenVPN: Added needed directive for v2.4 update Date: Thu, 15 Feb 2018 11:00:27 +0000 Message-ID: <1518692427.15001.40.camel@ipfire.org> In-Reply-To: <1518692211.3160.3.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7626719752393727119==" List-Id: --===============7626719752393727119== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi, okay, that's fine. I will add this to the update script of that core update then. -Michael On Thu, 2018-02-15 at 11:56 +0100, ummeegge wrote: > Hi Michael, > > > Am Donnerstag, den 15.02.2018, 10:40 +0000 schrieb Michael Tremer: > > Hi, > > > > this looks good. I will merge this soon. > > > > How do we convert existing configuration files? > > i would do it like this: > > #!/bin/bash > > # Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew > CRL while update an core update > if [ -e /var/ipfire/ovpn/server.conf ]; then > if pgrep openvpn >/dev/null; then > openvpnctrl -k > sed -i -e 's/script-security 3 system/script-security 3/' -e > '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf > openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem -cert > /var/ipfire/ovpn/ca/cacert.pem -out /var/ipfire/ovpn/crls/cacrl.pem -config > /var/ipfire/ovpn/openssl/ovpn.cnf > openvpnctrl -s > else > sed -i -e 's/script-security 3 system/script-security 3/' -e > '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf > openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem -cert > /var/ipfire/ovpn/ca/cacert.pem -out /var/ipfire/ovpn/crls/cacrl.pem -config > /var/ipfire/ovpn/openssl/ovpn.cnf > fi > fi > > # EOF > > > which includes also an update of the CRL to stay save also in that > manner > > > Best, > > Erik --===============7626719752393727119==--