From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4c8H8t6Ydxz2xh0 for ; Sat, 23 Aug 2025 12:55:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4c8H8q2j3Jz2xPP for ; Sat, 23 Aug 2025 12:55:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4c8H8n6W8qzlL; Sat, 23 Aug 2025 12:55:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1755953722; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TjCYGIxnivngZxE8b/c0Lh7FxDBwh+CmI2p29tMixig=; b=+bBHg1PxreDyOum/FRdBcTVmsI+UL93uuvODFTxm659qL9gA/vPtPhkpfNMOSd+FBeQbXP gvW8BDEUlM12iKAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1755953722; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TjCYGIxnivngZxE8b/c0Lh7FxDBwh+CmI2p29tMixig=; b=CC7HJnePOHhSYN0vjVAxYPk//44BMlgATXDa0kS/6w7rl0buSPBX1XSQNIwPE8FN7WBUaS s2sQjgS8Yiw3gL0xvb3Z+rAh5YllMqhIl2HC3tyfcQjhgHI/FMpWcYDaN08gg98K7RVaky c38ralZ3ri0lloPtIOJHkI/u7TgcpttYiPK0bUeH45KeFBT08FwfiUHN5/aG99yseYE52a h1STZEcDd8S2Zee8xnpLQcu+81ekbitdyaA7so/LP8zt94gsv5OqHSpY2wR+Pdu/8pSLZ9 fSqoi8O/Ni5SGYThLaehDwwx69Z+4Gd7Z+CWMe4DKrHCMs+8acYT81xRA3ZKAw== Message-ID: Date: Sat, 23 Aug 2025 14:55:19 +0200 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: [PATCH] ovpnmain.cgi: Apply default settings when neccessary To: Stefan Schantl References: <118761f0-24cd-4a62-b064-8d87dffc6b89@ipfire.org> <20250819183916.5083-1-stefan.schantl@ipfire.org> Content-Language: en-GB Cc: "IPFire: Development-List" From: Adolf Belka In-Reply-To: <20250819183916.5083-1-stefan.schantl@ipfire.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi Stefan, I tried out the CU197 Testing update with this patch in place. It works fine for a new install, where there is no existing settings file but for updates or when a restore from an old backup is being done then a settings file already exists and then the default settings are not applied and this results in the settings file having no CIPHERS entry but having a fallback DCIPHER entry. In the update where the OpenVPN RW server is stopped before updating and started again afterwards this causes the server to fail to start as there is no CIPHER entry. When a restore from backup is done then the same thing happens with no CIPHERS entry, just a DCIPHER one but as the server is running when the restore is done, it stays running with the old settings but if the Save button is pressed then it Stops because the settings file now has no CIPHERS entry. Not sure how to fix this at the moment. Maybe it needs to be if the settings file exists and it contains a CIPHERS entry but I am not sure that is the right approach or not. Regards, Adolf. On 19/08/2025 20:39, Stefan Schantl wrote: > Only apply the default settings in case nothing has been configured yet, > otherwise existing settings may get overwritten. > > Signed-off-by: Stefan Schantl > --- > html/cgi-bin/ovpnmain.cgi | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index 83f9fdc02..a2f95dc9a 100644 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -132,7 +132,7 @@ my $col=""; > "MAX_CLIENTS" => 100, > "MSSFIX" => "off", > "TLSAUTH" => "on", > -}); > +}) unless (%vpnsettings); > > # Load CGI parameters > &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});