Re: [PATCH 2/3] backup.pl: Remove the previous code for adding legacty provider to n2n

[Adolf Belka <adolf.belka@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2598 bytes --]

Hi Michael,

On 10/06/2023 12:16, Michael Tremer wrote:
> I did not merge this, as I believe we need this, because:
> 
> We won’t rewrite the OpenVPN configuration files on update, so it might be a good idea to just add the line and if someone edits the connection it might be removed.
The code in the backup.pl put the line into the config irrespective of 
the certificate being legacy or not.

With the ovpnmain.cgi code patch of this patch set, it now only adds the 
providers legacy default to the config file if the cert is legacy when 
downloading the connection set. This is now done for both n2n and 
roadwarrior connection sets.
> 
> That should work I believe and -legacy should not have any side effects when enabled but not needed.
That is something I have not tested out but I think you are correct, it 
shouldn't have any side affects.

I think it is good to go now and I can always do any additional minor 
tunings later in CU176 and onwards, otherwise we will be here for ever.

Regards,

Adolf.
> 
> Best,
> -Michael
> 
>> On 7 Jun 2023, at 15:21, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> - This code is no longer needed with the code in the ovpnmain.cgi patch in this patch set.
>>
>> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> config/backup/backup.pl | 15 ---------------
>> 1 file changed, 15 deletions(-)
>>
>> diff --git a/config/backup/backup.pl b/config/backup/backup.pl
>> index 8d990c0f1..60138a58a 100644
>> --- a/config/backup/backup.pl
>> +++ b/config/backup/backup.pl
>> @@ -190,21 +190,6 @@ restore_backup() {
>> # Update OpenVPN CRL
>> /etc/fcron.daily/openvpn-crl-updater
>>
>> - # Update OpenVPN N2N Client Configs
>> - ## Add providers legacy default line to n2n client config files
>> - # Check if ovpnconfig exists and is not empty
>> - if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
>> -       # Identify all n2n connections
>> -       for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
>> -           # Add the legacy option to all N2N client conf files if it does not already exist
>> - if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then
>> - if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then
>> - echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf
>> - fi
>> - fi
>> -       done
>> - fi
>> -
>> return 0
>> }
>>
>> -- 
>> 2.40.1
>>
> 

-- 
Sent from my laptop