From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 2/3] backup.pl: Remove the previous code for adding legacty provider to n2n
Date: Sat, 10 Jun 2023 12:28:12 +0100
In-Reply-To: <5eddbfbc-1f0a-bdf9-36b5-80f9b783b487@ipfire.org>

Hello,

> On 10 Jun 2023, at 12:16, Adolf Belka wrote:
>
> Hi Michael,
>
> On 10/06/2023 12:16, Michael Tremer wrote:
>> I did not merge this, as I believe we need this, because:
>> We won’t rewrite the OpenVPN configuration files on update, so it might be a good idea to just add the line and if someone edits the connection it might be removed.
> The code in the backup.pl put the line into the config irrespective of the certificate being legacy or not.
>
> With the ovpnmain.cgi code patch of this patch set, it now only adds the providers legacy default to the config file if the cert is legacy when downloading the connection set. This is now done for both n2n and roadwarrior connection sets.

Yes, this is true, but we won’t run the CGI during the update.

Any connections that have legacy certificates won’t work after installing the new version of OpenSSL. So we need the legacy provider enabled (just to be safe).

>> That should work I believe and -legacy should not have any side effects when enabled but not needed.
> That is something I have not tested out but I think you are correct, it shouldn't have any side effects.
>
> I think it is good to go now and I can always do any additional minor tunings later in CU176 and onwards, otherwise we will be here for ever.

I would rather like to get it right than being fast, but at this point I don’t know what else we can do. So *fingers crossed*.

Let’s release either tomorrow or Monday. Depending on how much I am going to enjoy the nice weather this weekend :)

-Michael

>
> Regards,
>
> Adolf.
>> Best,
>> -Michael
>>> On 7 Jun 2023, at 15:21, Adolf Belka wrote:
>>>
>>> - This code is no longer needed with the code in the ovpnmain.cgi patch in this patch set.
>>>
>>> Tested-by: Adolf Belka
>>> Signed-off-by: Adolf Belka
>>> --- >>> config/backup/backup.pl | 15 --------------- >>> 1 file changed, 15 deletions(-) >>>=20 >>> diff --git a/config/backup/backup.pl b/config/backup/backup.pl >>> index 8d990c0f1..60138a58a 100644 >>> --- a/config/backup/backup.pl >>> +++ b/config/backup/backup.pl >>> @@ -190,21 +190,6 @@ restore_backup() { >>> # Update OpenVPN CRL >>> /etc/fcron.daily/openvpn-crl-updater >>>=20 >>> - # Update OpenVPN N2N Client Configs >>> - ## Add providers legacy default line to n2n client config files >>> - # Check if ovpnconfig exists and is not empty >>> - if [ -s /var/ipfire/ovpn/ovpnconfig ]; then >>> - # Identify all n2n connections >>> - for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnco= nfig); do >>> - # Add the legacy option to all N2N client conf files if it do= es not already exist >>> - if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/$= {y}.conf) -eq 1 ] ; then >>> - if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}= /${y}.conf) -eq 0 ] ; then >>> - echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.c= onf >>> - fi >>> - fi >>> - done >>> - fi >>> - >>> return 0 >>> } >>>=20 >>> --=20 >>> 2.40.1 >>>=20
>
> --
> Sent from my laptop
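
Review bot: Removing the `# Update OpenVPN N2N Client Configs` block from restore_backup() leaves the restore path with nothing that adds `providers legacy default` to n2n client configs coming out of an older backup, and the commit message does not say what covers that case. The replacement logic it points to lives in ovpnmain.cgi, which per the discussion in this thread only acts when a connection set is downloaded and is not run during an update, so a restored connection with a legacy certificate would keep a config without the line. If the aim is to stop adding the line irrespective of the certificate type, consider keeping the loop and gating the `echo "providers legacy default" >> ...` line on a check that the connection's certificate is legacy, or state in the commit message why restored configs do not need it.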