[PATCH 1/2] ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disabled instead of no-pass

[PATCH 1/2] ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disabled instead of no-pass

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 1286 bytes --]

- When bug#11408 was fixed it was missed that key 41 has disabled inserted into it when
   uploading into the N2N client. This replaced the no-pass entry for all N2N connections
   resulting in the ovpnmain.cgi not being able to show the status correctly as the code
   looks for pass or no-pass.
- The disabled entry has been present for a very long time and is not utilised anywhere
   in the code.
- This fix ensures that key 41 in the uploaded N2N connection has no-pass entered
- Tested out and confirmed in my vm testbed.

Fixes: Bug#13548
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index eb89c5095..b773bc4b7 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) {
 	$confighash{$key}[31] = $n2ntunmtu[1];
 	$confighash{$key}[39] = $n2nauth[1];
 	$confighash{$key}[40] = $n2ncipher[1];
-	$confighash{$key}[41] = 'disabled';
+	$confighash{$key}[41] = 'no-pass';
 
   &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-- 
2.43.2

[PATCH 2/2] update.sh: Fixes bug#13548 - make key 41 contain no-pass for N2N connections

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 1979 bytes --]

- This code ensures that all existing N2N connections have no-pass in key 41 in place
   of disabled for some of them.
- Tested out and confirmed on my vm testbed.

Fixes: Bug#13548
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/core/185/update.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
index 903fe1753..0a3fae638 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -88,6 +88,27 @@ telinit u
 /etc/init.d/unbound restart
 /etc/init.d/ntp start
 
+## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+       # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
+       awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+
+       # Make all N2N connections 'no-pass' since they do not use encryption
+       awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       # Copy all RW connections unchanged to the new ovpnconfig file
+       for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+           awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 # This update needs a reboot...
 #touch /var/run/need_reboot
 
-- 
2.43.2