From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6dac44d40c4e1e80c497959f7098158462b033cb
Date: Sun, 03 Mar 2024 10:15:23 +0000 [thread overview]
Message-ID: <4Tnd4W6lb1z2xg8@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 4712 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 6dac44d40c4e1e80c497959f7098158462b033cb (commit)
via 4a0648243b991b00130aca4fcc615e717ddb1003 (commit)
from 6ea7d8c67e0ea53188d6dc356b9cdbc5bf7b5d97 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6dac44d40c4e1e80c497959f7098158462b033cb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Feb 22 13:43:39 2024 +0100
update.sh: Fixes bug#13548 - make key 41 contain no-pass for N2N connections
- This code ensures that all existing N2N connections have no-pass in key 41 in place
of disabled for some of them.
- Tested out and confirmed on my vm testbed.
Fixes: Bug#13548
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4a0648243b991b00130aca4fcc615e717ddb1003
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Feb 22 13:43:38 2024 +0100
ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disabled instead of no-pass
- When bug#11408 was fixed it was missed that key 41 has disabled inserted into it when
uploading into the N2N client. This replaced the no-pass entry for all N2N connections
resulting in the ovpnmain.cgi not being able to show the status correctly as the code
looks for pass or no-pass.
- The disabled entry has been present for a very long time and is not utilised anywhere
in the code.
- This fix ensures that key 41 in the uploaded N2N connection has no-pass entered
- Tested out and confirmed in my vm testbed.
Fixes: Bug#13548
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/185/update.sh | 21 +++++++++++++++++++++
html/cgi-bin/ovpnmain.cgi | 2 +-
2 files changed, 22 insertions(+), 1 deletion(-)
Difference in files:
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
index 903fe1753..0a3fae638 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -88,6 +88,27 @@ telinit u
/etc/init.d/unbound restart
/etc/init.d/ntp start
+## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+ # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
+ awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+
+ # Make all N2N connections 'no-pass' since they do not use encryption
+ awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ # Copy all RW connections unchanged to the new ovpnconfig file
+ for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
# This update needs a reboot...
#touch /var/run/need_reboot
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 98900b277..c92d0237d 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) {
$confighash{$key}[31] = $n2ntunmtu[1];
$confighash{$key}[39] = $n2nauth[1];
$confighash{$key}[40] = $n2ncipher[1];
- $confighash{$key}[41] = 'disabled';
+ $confighash{$key}[41] = 'no-pass';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2024-03-03 10:15 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4Tnd4W6lb1z2xg8@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox