From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/2] update.sh: Fixes bug#13548 - make key 41 contain no-pass for N2N connections
Date: Thu, 22 Feb 2024 13:43:39 +0100
Message-ID: <20240222124339.9847-2-adolf.belka@ipfire.org>
In-Reply-To: <20240222124339.9847-1-adolf.belka@ipfire.org>

- This code ensures that all existing N2N connections have no-pass in key 41 in place of disabled for some of them.
- Tested out and confirmed on my vm testbed.

Fixes: Bug#13548
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
--- config/rootfiles/core/185/update.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/= update.sh index 903fe1753..0a3fae638 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh 
@@ -88,6 +88,27 @@ telinit u /etc/init.d/unbound restart /etc/init.d/ntp start =20 +## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client= connections +# Check if ovpnconfig exists and is not empty +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Add blank line at top of ovpnconfig otherwise the first roadwarrior= entry is treated like a blank line and missed out from update + awk 'NR=3D=3D1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/= ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig + + # Make all N2N connections 'no-pass' since they do not use encryption + awk '{FS=3DOFS=3D","} {if($5=3D=3D"net") {$43=3D"no-pass"; print $0}}= ' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + # Copy all RW connections unchanged to the new ovpnconfig file + for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfi= g); do + awk -v var=3D"$y" '{FS=3DOFS=3D","} {if($3=3D=3Dvar) {print $0}}'= /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + done +fi + +# Replace existing ovpnconfig with updated index +mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig +# Set correct ownership +chown nobody:nobody /var/ipfire/ovpn/ovpnconfig + # This update needs a reboot... #touch /var/run/need_reboot =20 --=20 2.43.2 --===============2218598259914273946==--
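Review bot: The final `mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig` and the `chown` sit after the `fi`, so they run even when the `-s` test fails and this script has written no ovpnconfig.new; move both inside the `if` block. Every write to ovpnconfig.new uses `>>`, so a leftover file of that name would be appended to and then installed as the live config; remove or truncate it before the first awk. The blank-line workaround at the top is needed only because `{FS=OFS=","}` is assigned in the main action, where awk applies the new FS from the next record onward; passing `-F',' -v OFS=','` (or using a BEGIN block) splits the first record correctly and lets the extra awk and tmp_file step go. In the loop, `/host/` matches that string anywhere in the line rather than in field 5, so an N2N entry with "host" in any field would be copied a second time unmodified; test `$5=="host"` instead, which also makes the per-name loop unnecessary because a single awk pass can set $43 on net lines and print host lines as they are. The commit message should also say that entries which are neither net nor host are dropped and that N2N entries end up ahead of RW entries in the rewritten file.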