From: Adolf Belka <adolf.belka@ipfire.org>
To: Stefan Schantl <stefan.schantl@ipfire.org>
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
Subject: Re: [PATCH] ovpnmain.cgi: Apply default settings when neccessary
Date: Sat, 23 Aug 2025 14:55:19 +0200 [thread overview]
Message-ID: <aa387796-97cd-4718-960b-ed74567d28cb@ipfire.org> (raw)
In-Reply-To: <20250819183916.5083-1-stefan.schantl@ipfire.org>
Hi Stefan,
I tried out the CU197 Testing update with this patch in place. It works fine for a new install, where there is no existing settings file but for updates or when a restore from an old backup is being done then a settings file already exists and then the default settings are not applied and this results in the settings file having no CIPHERS entry but having a fallback DCIPHER entry.
In the update where the OpenVPN RW server is stopped before updating and started again afterwards this causes the server to fail to start as there is no CIPHER entry. When a restore from backup is done then the same thing happens with no CIPHERS entry, just a DCIPHER one but as the server is running when the restore is done, it stays running with the old settings but if the Save button is pressed then it Stops because the settings file now has no CIPHERS entry.
Not sure how to fix this at the moment. Maybe it needs to be if the settings file exists and it contains a CIPHERS entry but I am not sure that is the right approach or not.
Regards,
Adolf.
On 19/08/2025 20:39, Stefan Schantl wrote:
> Only apply the default settings in case nothing has been configured yet,
> otherwise existing settings may get overwritten.
>
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
> html/cgi-bin/ovpnmain.cgi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 83f9fdc02..a2f95dc9a 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -132,7 +132,7 @@ my $col="";
> "MAX_CLIENTS" => 100,
> "MSSFIX" => "off",
> "TLSAUTH" => "on",
> -});
> +}) unless (%vpnsettings);
>
> # Load CGI parameters
> &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
next prev parent reply other threads:[~2025-08-23 12:55 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <175490371612.107547.14288613781884197415.ipfire@ipfire.org>
2025-08-11 14:01 ` IPFire 2.29 - Core Update 197 is available for testing Adolf Belka
2025-08-11 14:51 ` Adolf Belka
2025-08-11 19:29 ` Peer Dietzmann
2025-08-14 19:00 ` Adolf Belka
2025-08-19 15:11 ` Michael Tremer
2025-08-19 15:56 ` Adolf Belka
2025-08-19 18:39 ` [PATCH] ovpnmain.cgi: Apply default settings when neccessary Stefan Schantl
2025-08-23 12:55 ` Adolf Belka [this message]
2025-08-25 8:51 ` Adolf Belka
2025-08-20 16:59 ` IPFire 2.29 - Core Update 197 is available for testing Adolf Belka
2025-08-23 13:10 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aa387796-97cd-4718-960b-ed74567d28cb@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
--cc=stefan.schantl@ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox