After a backup is restored, the CRL might be out of data and client won't be able to connect to the server any more.
This will immediately update the CRL should it require an update.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/backup/backup.pl | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 54957a814..6fd9e45bb 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -184,6 +184,9 @@ restore_backup() { # move nobeeps if exist [ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
+ # Update OpenVPN CRL + /etc/fcron.daily/openvpn-crl-updater + return 0 }
If the CRL is outdated for some reason (e.g. a backup restored from ISO where we don't run the migration scripts), this will update it on reboot/restart of the service.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/misc-progs/openvpnctrl.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index b9e4fd2a6..92b5989e9 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -497,6 +497,8 @@ void startDaemon(void) { fprintf(stderr, "OpenVPN is not enabled on any interface\n"); exit(1); } else { + snprintf(command, STRING_SIZE-1, "/etc/fcron.daily/openvpn-crl-updater"); + executeCommand(command); snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun"); executeCommand(command); snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
-
Michael Tremer