From: ummeegge
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Delete RRD dir if connection is deleted
Date: Sat, 11 Apr 2020 10:06:55 +0200

Hi all,
this patch only works if the common name is the same as the
connection name. Have encountered that the rrd creation for OpenVPN uses
the common name of the certificate not the connection name -->

# root @ ipfire-server in /var/log/rrd/collectd/localhost [8:34:50]
$ ls
cpu-0      disk-loop0                 iptables-filter-PSCAN  processes-charon    processes-spamd
cpu-1      disk-sda                   load                   processes-java      processes-squid
cpu-2      entropy                    memory                 processes-mpd       processes-squidguard
cpu-3      interface                  openvpn-rwonecert      processes-nmbd      processes-sshd
cpufreq    iptables-filter-NEWNOTSYN  openvpn-rwtwocert      processes-openvpn   sensors-coretemp-isa-0000
disk-dm-0  iptables-filter-POLICYFWD  ping                   processes-qemu      sensors-f71869-isa-0290
disk-dm-1  iptables-filter-POLICYIN   processes              processes-rtorrent  swap
disk-dm-2  iptables-filter-POLICYOUT  processes-asterisk     processes-smbd

$ cat /var/ipfire/ovpn/ovpnconfig
1,on,rwonename,rwonecert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynamic
2,on,rwtwoname,rwtwocert,host,cert,,,,,,,,,,,,,,,,,,,,,,,,,,,,dynamic,,,,,,,,,,,

Strangely enough, if I set the element index to [2] it doesn't work.
Currently not sure why that happens.

It is better to revert this patch.

Best,

Erik

On Saturday, 28.03.2020, 10:45 +0100, ummeegge wrote:
> Hi Peter,
>
> On Saturday, 28.03.2020, 09:25 +0000, Peter Müller wrote:
> > Reviewed-by: Peter Müller
> >
> > In my opinion, this fixes #11713.
>
> Haven't seen that one, yes I think so.
> Have found another one in here -->
>
> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=html/cgi-bin/ovpnmain.cgi;h=e76a688fe7dcda0b77bf716eb2538342cd775b00;hb=HEAD#l1224
> which can not be solved in this way. Need to have another look into
> this.
> Will send a separate patch then for "delete all RRDs if X509 is
> deleted".
>
> Need a little more time.
>
> Best,
>
> Erik
>
> >
> > > Signed-off-by: Erik Kapfer
> > > ---
> > > html/cgi-bin/ovpnmain.cgi | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi- > > > bin/ovpnmain.cgi > > > index ce9524df7..00ecd77a0 100644 > > > --- a/html/cgi-bin/ovpnmain.cgi > > > +++ b/html/cgi-bin/ovpnmain.cgi > > > @@ -2513,7 +2513,7 @@ else > > > # CCD end > > > # Update collectd configuration and delete all RRD > > > files of the removed connection > > > &writecollectdconf(); > > > - system ("/usr/local/bin/openvpnctrl -drrd > > > $confighash{$cgiparams{'KEY'}}[1]"); > > > + system ('/usr/local/bin/openvpnctrl', '-drrd', > > > $confighash{$cgiparams{'KEY'}}[1]); > > > =20 > > > delete $confighash{$cgiparams{'KEY'}}; > > > my $temp2 =3D `/usr/bin/openssl ca -gencrl -out > > > ${General::swroot}/ovpn/crls/cacrl.pem -config > > > ${General::swroot}/ovpn/openssl/ovpn.cnf`;
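
Review bot: On the added system() line the return value is ignored, so the following "delete $confighash{$cgiparams{'KEY'}};" runs even when "openvpnctrl -drrd" fails and the RRD directory is left behind; check that system() returned 0 and log or report the failure before the entry is dropped. The list form itself is the right call, since the name is no longer interpolated into a single string that the shell parses. The argument is still element [1]: going by the ovpnconfig sample and the ls output in this thread, that is the connection name (rwonename), while the RRD directories are named after the certificate common name (openvpn-rwonecert), so confirm which field -drrd expects and add a comment next to the call stating it.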