[PATCH 1/2] ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disabled instead of no-pass
- When bug#11408 was fixed it was missed that key 41 has disabled inserted into it when uploading into the N2N client. This replaced the no-pass entry for all N2N connections resulting in the ovpnmain.cgi not being able to show the status correctly as the code looks for pass or no-pass. - The disabled entry has been present for a very long time and is not utilised anywhere in the code. - This fix ensures that key 41 in the uploaded N2N connection has no-pass entered - Tested out and confirmed in my vm testbed.
Fixes: Bug#13548 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- html/cgi-bin/ovpnmain.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index eb89c5095..b773bc4b7 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[31] = $n2ntunmtu[1]; $confighash{$key}[39] = $n2nauth[1]; $confighash{$key}[40] = $n2ncipher[1]; - $confighash{$key}[41] = 'disabled'; + $confighash{$key}[41] = 'no-pass';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- This code ensures that all existing N2N connections have no-pass in key 41 in place of disabled for some of them. - Tested out and confirmed on my vm testbed.
Fixes: Bug#13548 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/core/185/update.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index 903fe1753..0a3fae638 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh @@ -88,6 +88,27 @@ telinit u /etc/init.d/unbound restart /etc/init.d/ntp start
+## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections +# Check if ovpnconfig exists and is not empty +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update + awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig + + # Make all N2N connections 'no-pass' since they do not use encryption + awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + # Copy all RW connections unchanged to the new ovpnconfig file + for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do + awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + done +fi + +# Replace existing ovpnconfig with updated index +mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig +# Set correct ownership +chown nobody:nobody /var/ipfire/ovpn/ovpnconfig + # This update needs a reboot... #touch /var/run/need_reboot
-
Adolf Belka