[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 8d611ffd0424ba20aac45f63f5bdaa398b4cb557

[Michael Tremer <git@ipfire.org>]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  8d611ffd0424ba20aac45f63f5bdaa398b4cb557 (commit)
       via  3e82d9990cbdd4b0f022e16aecec164008926717 (commit)
       via  4c0b4194ff24e4ddeb8a1311facfec71d2101a39 (commit)
      from  87e1047a08ca522f28807b3fde7a2f2faa75b733 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8d611ffd0424ba20aac45f63f5bdaa398b4cb557
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 14 11:03:04 2025 +0100

    core197: Rewrite the entire OpenVPN server configuration
    
    This also updates all CCD configuration files.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 3e82d9990cbdd4b0f022e16aecec164008926717
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 14 11:01:23 2025 +0100

    ovpnmain.cgi: Add option to rewrite all configuration files
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 4c0b4194ff24e4ddeb8a1311facfec71d2101a39
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 14 11:01:10 2025 +0100

    ovpnmain.cgi: Disable logging warnings
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/backup/backup.pl             | 27 +--------------------------
 config/rootfiles/core/197/update.sh | 27 +--------------------------
 html/cgi-bin/ovpnmain.cgi           | 10 ++++++++--
 3 files changed, 10 insertions(+), 54 deletions(-)

Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index ed7a68455..c9bc14355 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -350,32 +350,7 @@ restore_backup() {
 	fi
 
 	# Update the OpenVPN configuration
-	sed -r \
-		-e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
-		-e "/ncp-disable/d" \
-		-e "s/^cipher (.*)/data-ciphers-fallback \1/" \
-		-e "s/^status .*/status \/var\/run\/openvpn-rw.log/" \
-		-i /var/ipfire/ovpn/server.conf
-
-	# Change to the subnet topology
-	if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
-		echo "topology subnet" >> /var/ipfire/ovpn/server.conf
-	fi
-
-	# Migrate away from compression
-	if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
-		echo "compress migrate" >> /var/ipfire/ovpn/server.conf
-	fi
-
-	# Enable the legacy provider (just in case)
-	if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
-		echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
-	fi
-
-	# Enable explicit exit notification
-	if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
-		echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
-	fi
+	sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 
 	return 0
 }
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index dc9149499..0fd5cc6f0 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -123,32 +123,7 @@ ldconfig
 /usr/local/bin/filesystem-cleanup
 
 # Update the OpenVPN configuration
-sed -r \
-	-e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
-	-e "/ncp-disable/d" \
-	-e "s/^cipher (.*)/data-ciphers-fallback \1/" \
-	-e "s/^status .*/status \/var\/run\/openvpn-rw.log/" \
-	-i /var/ipfire/ovpn/server.conf
-
-# Change to the subnet topology
-if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
-	echo "topology subnet" >> /var/ipfire/ovpn/server.conf
-fi
-
-# Migrate away from compression
-if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
-	echo "compress migrate" >> /var/ipfire/ovpn/server.conf
-fi
-
-# Enable the legacy provider (just in case)
-if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
-	echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
-fi
-
-# Enable explicit exit notification
-if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
-	echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
-fi
+sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 
 # Apply SSH configuration
 /usr/local/bin/sshctrl
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 1fe0978c6..83f9fdc02 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -41,8 +41,8 @@ require "${General::swroot}/countries.pl";
 require "${General::swroot}/location-functions.pl";
 
 # enable only the following on debugging purpose
-use warnings;
-use CGI::Carp 'fatalsToBrowser';
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
 
 my %mainsettings = ();
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
@@ -1001,6 +1001,12 @@ sub openvpn_status($) {
 	return $status;
 }
 
+# Hook to regenerate the configuration files
+if ($ENV{"REMOTE_ADDR"} eq "") {
+	&writeserverconf();
+	exit(0);
+}
+
 ###
 ### Save Advanced options
 ###


hooks/post-receive
--
IPFire 2.x development tree