From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] update.sh: Fixes bug#13548 - make key 41 contain no-pass for N2N connections
Date: Thu, 22 Feb 2024 13:43:39 +0100 [thread overview]
Message-ID: <20240222124339.9847-2-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20240222124339.9847-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1979 bytes --]
- This code ensures that all existing N2N connections have no-pass in key 41 in place
of disabled for some of them.
- Tested out and confirmed on my vm testbed.
Fixes: Bug#13548
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/core/185/update.sh | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
index 903fe1753..0a3fae638 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -88,6 +88,27 @@ telinit u
/etc/init.d/unbound restart
/etc/init.d/ntp start
+## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+ # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
+ awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+
+ # Make all N2N connections 'no-pass' since they do not use encryption
+ awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ # Copy all RW connections unchanged to the new ovpnconfig file
+ for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
# This update needs a reboot...
#touch /var/run/need_reboot
--
2.43.2
prev parent reply other threads:[~2024-02-22 12:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-22 12:43 [PATCH 1/2] ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disabled instead of no-pass Adolf Belka
2024-02-22 12:43 ` Adolf Belka [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240222124339.9847-2-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox