* [git.ipfire.org] IPFire 2.x development tree branch, core120, updated. 98ae3af84418c3f21b0a7365bb5bf780046642f4
@ 2018-04-09 20:27 git
0 siblings, 0 replies; only message in thread
From: git @ 2018-04-09 20:27 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 12938 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core120 has been updated
via 98ae3af84418c3f21b0a7365bb5bf780046642f4 (commit)
via c79cbc15941fb4f950fbb7aad6c98fd1344bf348 (commit)
via f5b2d0a14a5e109948bc0d024ffcba63cffcab48 (commit)
from a554acea163fa51e0a9e5081003e4148ffdfc24b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 98ae3af84418c3f21b0a7365bb5bf780046642f4
Merge: a554acea1 c79cbc159
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Apr 9 22:25:53 2018 +0200
Merge branch 'master' into core120
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/120/update.sh | 12 +++++
html/cgi-bin/ovpnmain.cgi | 101 ------------------------------------
2 files changed, 12 insertions(+), 101 deletions(-)
Difference in files:
diff --git a/config/rootfiles/core/120/update.sh b/config/rootfiles/core/120/update.sh
index 459262c86..1ba9df96f 100644
--- a/config/rootfiles/core/120/update.sh
+++ b/config/rootfiles/core/120/update.sh
@@ -58,6 +58,9 @@ if [ -e /var/ipfire/ovpn/server.conf ]; then
sed -i -e 's/script-security 3 system/script-security 3/' \
-e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf
+ # Disable Path MTU discovery settings
+ sed -e "/^mtu-disc/d" -i /var/ipfire/ovpn/server.conf
+
# Update the OpenVPN CRL
openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \
-cert /var/ipfire/ovpn/ca/cacert.pem \
@@ -67,6 +70,15 @@ if [ -e /var/ipfire/ovpn/server.conf ]; then
/usr/local/bin/openvpnctrl -s
fi
+# Update OpenVPN N2N configurations
+/usr/local/bin/openvpnctrl -kn2n
+
+for file in /var/ipfire/ovpn/n2nconf/*/*.conf; do
+ sed -e "/^mtu-disc/d" -i ${file}
+done
+
+/usr/local/bin/openvpnctrl -sn2n
+
# Start services
/etc/init.d/apache restart
/etc/init.d/unbound restart
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index ff3d05509..94e723ba2 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -92,7 +92,6 @@ $cgiparams{'ROUTES_PUSH'} = '';
$cgiparams{'DCOMPLZO'} = 'off';
$cgiparams{'MSSFIX'} = '';
$cgiparams{'number'} = '';
-$cgiparams{'PMTU_DISCOVERY'} = '';
$cgiparams{'DCIPHER'} = '';
$cgiparams{'DAUTH'} = '';
$cgiparams{'TLSAUTH'} = '';
@@ -234,10 +233,6 @@ sub writeserverconf {
{ print CONF "tun-mtu 1500\n"; }
elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
{ print CONF "tun-mtu 1500\n"; }
- elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
- ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
- { print CONF "tun-mtu 1500\n"; }
else
{ print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
@@ -277,13 +272,6 @@ sub writeserverconf {
print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
}
- # Check if a valid operating mode has been choosen and use it.
- if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
- ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
- print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
- }
-
if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
}
@@ -755,7 +743,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
- $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
@@ -777,16 +764,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
- if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
- ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
-
- if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
- $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
- goto ADV_ERROR;
- }
- }
-
if ($cgiparams{'DHCP_DOMAIN'} ne ''){
unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
$errormessage = $Lang::tr{'invalid input for dhcp domain'};
@@ -952,16 +929,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
}
- # Check if a valid operating mode has been choosen and use it.
- if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
- ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
- if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
- if($cgiparams{'MTU'} eq '1500') {
- print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
- }
- }
- }
print SERVERCONF "# Auth. Server\n";
print SERVERCONF "tls-server\n";
print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
@@ -1058,16 +1025,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
}
- # Check if a valid operating mode has been choosen and use it.
- if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
- ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
- if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
- if ($cgiparams{'MTU'} eq '1500') {
- print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
- }
- }
- }
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
@@ -2279,10 +2236,6 @@ else
{ print CLIENTCONF "tun-mtu 1500\r\n"; }
elsif ($vpnsettings{MSSFIX} eq 'on')
{ print CLIENTCONF "tun-mtu 1500\r\n"; }
- elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
- ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
- { print CLIENTCONF "tun-mtu 1500\r\n"; }
else
{ print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
@@ -2382,15 +2335,6 @@ else
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
- # Check if a valid operating mode has been choosen and use it.
- if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
- ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
- ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
- if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
- print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
- }
- }
-
if ($include_certs) {
print CLIENTCONF "\r\n";
@@ -2668,9 +2612,6 @@ ADV_ERROR:
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
- if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
- $cgiparams{'PMTU_DISCOVERY'} = 'off';
- }
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA512';
}
@@ -2689,7 +2630,6 @@ ADV_ERROR:
$checked{'MSSFIX'}{'off'} = '';
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
- $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
$selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{'1'} = '';
$selected{'LOG_VERB'}{'2'} = '';
@@ -2812,14 +2752,6 @@ print <<END;
<td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
<td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
</tr>
-
- <tr>
- <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
- <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
- <td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td>
- <td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td>
- <td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td>
- </tr>
</table>
<hr size='1'>
@@ -3650,7 +3582,6 @@ if ($confighash{$cgiparams{'KEY'}}) {
$cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
$cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
$cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
- $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
$cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
$cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
$cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
@@ -3919,22 +3850,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
goto VPNCONF_ERROR;
}
- if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
- if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
- $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- goto VPNCONF_ERROR;
- }
- }
-
- if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
- $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- goto VPNCONF_ERROR;
- }
-
if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'openvpn prefix local subnet'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -4378,7 +4293,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
$confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
$confighash{$key}[37] = $cgiparams{'CCD_WINS'};
- $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
$confighash{$key}[39] = $cgiparams{'DAUTH'};
$confighash{$key}[40] = $cgiparams{'DCIPHER'};
@@ -4494,7 +4408,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
###
$cgiparams{'MSSFIX'} = 'on';
$cgiparams{'FRAGMENT'} = '1300';
- $cgiparams{'PMTU_DISCOVERY'} = 'off';
$cgiparams{'DAUTH'} = 'SHA512';
###
# m.a.d n2n end
@@ -4556,11 +4469,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
- if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
- $cgiparams{'PMTU_DISCOVERY'} = 'off';
- }
- $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
-
$selected{'DCIPHER'}{'AES-256-GCM'} = '';
$selected{'DCIPHER'}{'AES-192-GCM'} = '';
$selected{'DCIPHER'}{'AES-128-GCM'} = '';
@@ -4721,15 +4629,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
<td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
</tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
- <td colspan='3'>
- <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
- <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
- <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
- <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
- </td>
- </tr>
-
<tr><td colspan=4><hr /></td></tr><tr>
<tr>
<td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-04-09 20:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-09 20:27 [git.ipfire.org] IPFire 2.x development tree branch, core120, updated. 98ae3af84418c3f21b0a7365bb5bf780046642f4 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox