Great idea Michael.
Am Donnerstag, dem 21.03.2024 um 15:14 +0000 schrieb Michael Tremer:
Hello Erik,
Thank you for the patchiest, but I have been working this week on implementing this.
You can find more details about this here:
https://www.ipfire.org/docs/roadmap/openvpn-26
I asked Adolf to post the patches that he had and which include parts of your previous work to finally get this over the line. Various people have been working on the OpenVPN code over the years creating an absolute mess. The CGI file is by far the longest we have and very difficult to edit without breaking anything else. So I have started a large refactor (not rewrite) to get it into some state where we can work on things better.
That will be needed to implement the things outlined on the roadmap page. NCP is only one of them.
On that page, you can find my current development branch linked which includes many changes so far, but it is not done, yet.
-Michael
On 21 Mar 2024, at 12:29, ummeegge ummeegge@ipfire.org wrote:
Hi all, this is a minimal solution of an update to OpenVPN 2.6.x IMO . This patch series should be a help for mainly Adolf (might be great if you go for a checkout) but please give it all a try and test it if it reaches the goal.
Best,
Erik
Am Donnerstag, dem 21.03.2024 um 13:24 +0100 schrieb Erik Kapfer:
This process may should be continued with some of the following updates to make sure the directives are included even the update with this changes has over jumped ?! otherwise, the "Advanced server options" page needs to be saved via WUI to bring OpenVPN to life.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org
config/rootfiles/core/185/update.sh | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index 2c95c4102..247661481 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh @@ -35,6 +35,17 @@ done /etc/init.d/ntp stop /etc/init.d/squid stop +# OpenVPN add and change new 2.6.x directives for NCP. +if pgrep openvpn > /dev/null; then
- /usr/local/bin/openvpnctrl -k > /dev/null
- sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES-
256-GCM/' /var/ipfire/ovpn/server.conf
- sed -i 's/^cipher/data-ciphers-fallback/'
/var/ipfire/ovpn/server.conf
- /usr/local/bin/openvpnctrl -s > /dev/null
+else
- sed -i 's/^ncp-disable/data-ciphers ChaCha20-Poly1305:AES-
256-GCM/' /var/ipfire/ovpn/server.conf
- sed -i 's/^cipher/data-ciphers-fallback/'
/var/ipfire/ovpn/server.conf +fi
# Extract files extract_files