From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 4/4] update.sh: Add and change new directives for OpenVPN 2.6.x . Date: Thu, 21 Mar 2024 15:14:56 +0000 Message-ID: In-Reply-To: <0809af3df7b855856b99a09f5d63d9a36a75992a.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5955874459401446136==" List-Id: --===============5955874459401446136== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Erik, Thank you for the patchiest, but I have been working this week on implementin= g this. You can find more details about this here: https://www.ipfire.org/docs/roadmap/openvpn-26 I asked Adolf to post the patches that he had and which include parts of your= previous work to finally get this over the line. Various people have been wo= rking on the OpenVPN code over the years creating an absolute mess. The CGI f= ile is by far the longest we have and very difficult to edit without breaking= anything else. So I have started a large refactor (not rewrite) to get it in= to some state where we can work on things better. That will be needed to implement the things outlined on the roadmap page. NCP= is only one of them. On that page, you can find my current development branch linked which include= s many changes so far, but it is not done, yet. -Michael > On 21 Mar 2024, at 12:29, ummeegge wrote: >=20 > Hi all, > this is a minimal solution of an update to OpenVPN 2.6.x IMO . This > patch series should be a help for mainly Adolf (might be great if you > go for a checkout) but please give it all a try and test it if it > reaches the goal. >=20 > Best, >=20 > Erik >=20 > Am Donnerstag, dem 21.03.2024 um 13:24 +0100 schrieb Erik Kapfer: >> This process may should be continued with some of the following >> updates to make sure the directives are >> included even the update with this changes has over jumped ?! >> otherwise, the "Advanced server options" page >> needs to be saved via WUI to bring OpenVPN to life. >>=20 >> Signed-off-by: Erik Kapfer >> --- >> config/rootfiles/core/185/update.sh | 11 +++++++++++ >> 1 file changed, 11 insertions(+) >>=20 >> diff --git a/config/rootfiles/core/185/update.sh >> b/config/rootfiles/core/185/update.sh >> index 2c95c4102..247661481 100644 >> --- a/config/rootfiles/core/185/update.sh >> +++ b/config/rootfiles/core/185/update.sh >> @@ -35,6 +35,17 @@ done >> /etc/init.d/ntp stop >> /etc/init.d/squid stop >> =20 >> +# OpenVPN add and change new 2.6.x directives for NCP. >> +if pgrep openvpn > /dev/null; then >> + /usr/local/bin/openvpnctrl -k > /dev/null >> + sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES- >> 256-GCM/' /var/ipfire/ovpn/server.conf >> + sed -i 's/^cipher/data-ciphers-fallback/' >> /var/ipfire/ovpn/server.conf >> + /usr/local/bin/openvpnctrl -s > /dev/null >> +else >> + sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES- >> 256-GCM/' /var/ipfire/ovpn/server.conf >> + sed -i 's/^cipher/data-ciphers-fallback/' >> /var/ipfire/ovpn/server.conf >> +fi >> + >> # Extract files >> extract_files >> =20 >=20 --===============5955874459401446136==--