[PATCH 1/2] backup: Update OpenVPN CRL

[PATCH 1/2] backup: Update OpenVPN CRL

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 748 bytes --]

After a backup is restored, the CRL might be out of data and client
won't be able to connect to the server any more.

This will immediately update the CRL should it require an update.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 config/backup/backup.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 54957a814..6fd9e45bb 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -184,6 +184,9 @@ restore_backup() {
 	# move nobeeps if exist
 	[ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
 
+	# Update OpenVPN CRL
+	/etc/fcron.daily/openvpn-crl-updater
+
 	return 0
 }
 
-- 
2.30.2

[PATCH 2/2] openvpnctrl: Update CRL before starting the client daemon

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 940 bytes --]

If the CRL is outdated for some reason (e.g. a backup restored from ISO
where we don't run the migration scripts), this will update it on
reboot/restart of the service.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/misc-progs/openvpnctrl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index b9e4fd2a6..92b5989e9 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -497,6 +497,8 @@ void startDaemon(void) {
 		fprintf(stderr, "OpenVPN is not enabled on any interface\n");
 		exit(1);
 	} else {
+		snprintf(command, STRING_SIZE-1, "/etc/fcron.daily/openvpn-crl-updater");
+		executeCommand(command);
 		snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
 		executeCommand(command);
 		snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
-- 
2.30.2