To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree
branch, master, updated. 8d611ffd0424ba20aac45f63f5bdaa398b4cb557
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: 87e1047a08ca522f28807b3fde7a2f2faa75b733
X-Git-Newrev: 8d611ffd0424ba20aac45f63f5bdaa398b4cb557
Message-Id: <4c2gn84fn4z2xHR@people01.haj.ipfire.org>
Date: Thu, 14 Aug 2025 10:03:56 +0000 (UTC)
From: Michael Tremer
Precedence: list

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  8d611ffd0424ba20aac45f63f5bdaa398b4cb557 (commit)
       via  3e82d9990cbdd4b0f022e16aecec164008926717 (commit)
       via  4c0b4194ff24e4ddeb8a1311facfec71d2101a39 (commit)
      from  87e1047a08ca522f28807b3fde7a2f2faa75b733 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8d611ffd0424ba20aac45f63f5bdaa398b4cb557
Author: Michael Tremer
Date:   Thu Aug 14 11:03:04 2025 +0100

    core197: Rewrite the entire OpenVPN server configuration

    This also updates all CCD configuration files.

    Signed-off-by: Michael Tremer

commit 3e82d9990cbdd4b0f022e16aecec164008926717
Author: Michael Tremer
Date:   Thu Aug 14 11:01:23 2025 +0100

    ovpnmain.cgi: Add option to rewrite all configuration files

    Signed-off-by: Michael Tremer

commit 4c0b4194ff24e4ddeb8a1311facfec71d2101a39
Author: Michael Tremer
Date:   Thu Aug 14 11:01:10 2025 +0100

    ovpnmain.cgi: Disable logging warnings
Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/backup/backup.pl | 27 +-------------------------- config/rootfiles/core/197/update.sh | 27 +-------------------------- html/cgi-bin/ovpnmain.cgi | 10 ++++++++-- 3 files changed, 10 insertions(+), 54 deletions(-) Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index ed7a68455..c9bc14355 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -350,32 +350,7 @@ restore_backup() { fi # Update the OpenVPN configuration - sed -r \ - -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \ - -e "/ncp-disable/d" \ - -e "s/^cipher (.*)/data-ciphers-fallback \1/" \ - -e "s/^status .*/status \/var\/run\/openvpn-rw.log/" \ - -i /var/ipfire/ovpn/server.conf - - # Change to the subnet topology - if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then - echo "topology subnet" >> /var/ipfire/ovpn/server.conf - fi - - # Migrate away from compression - if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then - echo "compress migrate" >> /var/ipfire/ovpn/server.conf - fi - - # Enable the legacy provider (just in case) - if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then - echo "providers legacy default" >> /var/ipfire/ovpn/server.conf - fi - - # Enable explicit exit notification - if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then - echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf - fi + sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi return 0 } diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh index dc9149499..0fd5cc6f0 100644 --- a/config/rootfiles/core/197/update.sh +++ b/config/rootfiles/core/197/update.sh 
@@ -123,32 +123,7 @@ ldconfig /usr/local/bin/filesystem-cleanup # Update the OpenVPN configuration -sed -r \ - -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \ - -e "/ncp-disable/d" \ - -e "s/^cipher (.*)/data-ciphers-fallback \1/" \ - -e "s/^status .*/status \/var\/run\/openvpn-rw.log/" \ - -i /var/ipfire/ovpn/server.conf - -# Change to the subnet topology -if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then - echo "topology subnet" >> /var/ipfire/ovpn/server.conf -fi - -# Migrate away from compression -if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then - echo "compress migrate" >> /var/ipfire/ovpn/server.conf -fi - -# Enable the legacy provider (just in case) -if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then - echo "providers legacy default" >> /var/ipfire/ovpn/server.conf -fi - -# Enable explicit exit notification -if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then - echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf -fi +sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi # Apply SSH configuration /usr/local/bin/sshctrl diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 1fe0978c6..83f9fdc02 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -41,8 +41,8 @@ require "${General::swroot}/countries.pl"; require "${General::swroot}/location-functions.pl"; # enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; my %mainsettings = (); &General::readhash("${General::swroot}/main/settings", \%mainsettings); @@ -1001,6 +1001,12 @@ sub openvpn_status($) { return $status; } +# Hook to regenerate the configuration files +if ($ENV{"REMOTE_ADDR"} eq "") { + &writeserverconf(); + exit(0); +} + ### ### Save Advanced options ### hooks/post-receive -- IPFire 2.x development tree
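Review bot: In restore_backup() in config/backup/backup.pl, the exit status of the new `sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi` call is discarded and the function falls straight through to `return 0`, so a restore is reported as successful even when the OpenVPN configuration was not regenerated. Suggest checking the status and at least logging the failure before returning. Without the removed `sed` rules (`/ncp-disable/d`, `cipher` to `data-ciphers-fallback`), a silent failure here leaves the restored server.conf in its pre-migration form.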
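Review bot: The replacement line in config/rootfiles/core/197/update.sh, `sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi`, only regenerates the configuration because the CGI's new hook fires when REMOTE_ADDR is empty, and nothing at the call site says so. Suggest extending the "Update the OpenVPN configuration" comment to state that running the CGI without REMOTE_ADDR triggers writeserverconf(), and clearing the variable explicitly (for example with `env -u REMOTE_ADDR`) so the result does not depend on the caller's environment. Also worth confirming: the removed `sed -i` edited /var/ipfire/ovpn/server.conf as the script's own user, while the replacement writes as nobody, so the file and its directory must be writable by that account.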
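Review bot: Commenting out `use warnings;` at the top of html/cgi-bin/ovpnmain.cgi (first hunk, line 41 onwards) turns warnings off for the entire script, and neither the commit message ("Disable logging warnings") nor the code says which warnings prompted it. If the goal is to silence specific known noise, keeping `use warnings;` and adding a scoped `no warnings` for the relevant category around the offending code would keep the rest of the file covered. Commenting out `use CGI::Carp 'fatalsToBrowser';` is consistent with the existing "enable only the following on debugging purpose" comment and keeps fatal error text out of browser responses.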
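Review bot: The hook condition `if ($ENV{"REMOTE_ADDR"} eq "")` in the second html/cgi-bin/ovpnmain.cgi hunk (after openvpn_status) compares a value that is normally undefined, not empty, when the script is started from update.sh or backup.pl, and it makes every run without REMOTE_ADDR rewrite the server configuration and exit. Suggest testing `!defined $ENV{"REMOTE_ADDR"}` together with the empty-string case, or better, requiring an explicit command-line argument so that the regenerate action is opt-in rather than inferred from a missing CGI variable. Two smaller points: `exit(0)` is unconditional, so callers cannot tell whether `&writeserverconf()` succeeded; and the commit message says the CCD configuration files are updated as well, while the hook visibly calls only `&writeserverconf()`, so a comment stating where the CCD files get rewritten would help.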