* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 351113e21eecd730b33a2d73c1bb74eff9fcb845
@ 2025-08-29 10:40 Michael Tremer
From: Michael Tremer @ 2025-08-29 10:40 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 351113e21eecd730b33a2d73c1bb74eff9fcb845 (commit)
via 7c86a0354a4e5d0dc970c0500864a95ff60f04a3 (commit)
via 676ce3b4cfdc72c758380da512ee3a00c370623e (commit)
via 5339b5bc1ada6b4148384bc7db5e5b91b519c895 (commit)
via 6c35b21c6760c6f9f6cfa57dbca0a5a917baa470 (commit)
from 198025111e37a80944dbab9ddd57967945e27949 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 351113e21eecd730b33a2d73c1bb74eff9fcb845
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Aug 29 11:40:06 2025 +0100
ovpnmain.cgi: Initialize some checkboxes when storing settiings
This should hopefully resolve this problem:
https://lists.ipfire.org/development/118761f0-24cd-4a62-b064-8d87dffc6b89@ipfire.org/
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7c86a0354a4e5d0dc970c0500864a95ff60f04a3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Aug 29 11:35:50 2025 +0100
Revert "ovpnmain.cgi: Apply default settings when neccessary"
This reverts commit e04f5376ba18767a6a9eccf104c472295a75340b.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 676ce3b4cfdc72c758380da512ee3a00c370623e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Aug 29 11:33:48 2025 +0100
Revert "update.sh: Ensure ncp-disable is removed from config and DATACIPHERS added"
This reverts commit 198025111e37a80944dbab9ddd57967945e27949.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5339b5bc1ada6b4148384bc7db5e5b91b519c895
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Aug 29 11:33:32 2025 +0100
Revert "backup.pl: Ensure ncp-disable is removed from old backups and DATACIPHERS added"
This reverts commit 7245ddf773b78be5fd0675d2e260b3da7855ac2c.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6c35b21c6760c6f9f6cfa57dbca0a5a917baa470
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Aug 29 11:28:17 2025 +0100
ovpnmain.cgi: Remove dead code
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/backup.pl | 5 ----
config/rootfiles/core/197/update.sh | 4 ----
html/cgi-bin/ovpnmain.cgi | 48 ++++++++++++++++---------------------
3 files changed, 20 insertions(+), 37 deletions(-)
Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 42d24aa3c..e79f510c6 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -350,11 +350,6 @@ restore_backup() {
fi
# Update the OpenVPN configuration and restart the openvpn daemons
- if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
- sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
- echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> \
- /var/ipfire/ovpn/settings
- fi
sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
/etc/init.d/openvpn-n2n restart
/etc/init.d/openvpn-rw restart
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index f1800b2c0..0fd5cc6f0 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -123,10 +123,6 @@ ldconfig
/usr/local/bin/filesystem-cleanup
# Update the OpenVPN configuration
-if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
- sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
- echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> /var/ipfire/ovpn/settings
-fi
sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
# Apply SSH configuration
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index dfe7f8ad5..0b2513174 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -132,7 +132,7 @@ my $col="";
"MAX_CLIENTS" => 100,
"MSSFIX" => "off",
"TLSAUTH" => "on",
-}) unless (%vpnsettings);
+});
# Load CGI parameters
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
@@ -211,6 +211,21 @@ sub deletebackupcert
}
}
+# Writes the OpenVPN RW server settings and ensures that some values are set
+sub writesettings() {
+ # Initialize TLSAUTH
+ if ($vpnsettings{"TLSAUTH"} eq "") {
+ $vpnsettings{"TLSAUTH"} = "off";
+ }
+
+ # Initialize MSSFIX
+ if ($vpnsettings{"MSSFIX"} eq "") {
+ $vpnsettings{"MSSFIX"} = "off";
+ }
+
+ &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+}
+
sub writeserverconf {
# Do we require the OpenSSL Legacy Provider?
my $requires_legacy_provider = 0;
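Review bot: `writesettings` persists an empty or missing `TLSAUTH` as `"off"`, while the defaults hash in the hunk at -132 sets `"TLSAUTH" => "on"`, so the fallback for what is presumably OpenVPN's tls-auth control-channel protection is the weaker value. If an empty value can only come from an unchecked checkbox that is the right reading, but the code should say so, for example `# Checkboxes that are not ticked are not submitted, so empty means the admin chose "off"`. The `eq ""` comparisons also run against undef when the key is absent, which emits a warning if warnings are enabled in this file (not visible here); `($vpnsettings{"TLSAUTH"} // "") eq ""` and the same for `MSSFIX` avoid that. `writeserverconf` continues outside the hunk.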
@@ -1067,7 +1082,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
}
if ($cgiparams{'MSSFIX'} ne 'on') {
- delete $vpnsettings{'MSSFIX'};
+ $vpnsettings{'MSSFIX'} = "off";
} else {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
@@ -1124,7 +1139,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
}
# Store our configuration
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writesettings();
# Write the server configuration
&writeserverconf();
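Review bot: `&writesettings();` here, and again in the hunks at -1419 and -1984, calls a sub that the hunk at -211 declares with an empty prototype, `sub writesettings() {`; a call with a leading `&` ignores prototypes, so the `()` has no effect and reads as if it were a signature. Declaring it as `sub writesettings {`, like `sub writeserverconf {` next to it, keeps the two helpers consistent. The enclosing `if` block for this action starts and ends outside the hunk.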
@@ -1419,7 +1434,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
# Store our configuration
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writesettings();
# Write the OpenVPN server configuration
&writeserverconf();
@@ -1596,7 +1611,6 @@ END
$cahash{$key}[0] = $cgiparams{'CA_NAME'};
$cahash{$key}[1] = $casubject;
&General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
-# system('/usr/local/bin/ipsecctrl', 'R');
UPLOADCA_ERROR:
@@ -1652,22 +1666,15 @@ END
foreach my $key (keys %confighash) {
my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
if (grep(/: OK/, @test)) {
- # Delete connection
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $key);
-# }
unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
delete $confighash{$key};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-# &writeipsecfiles();
}
}
unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
delete $cahash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
-# system('/usr/local/bin/ipsecctrl', 'R');
} else {
$errormessage = $Lang::tr{'invalid key'};
}
@@ -1710,7 +1717,6 @@ END
unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
delete $cahash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
-# system('/usr/local/bin/ipsecctrl', 'R');
}
} else {
$errormessage = $Lang::tr{'invalid key'};
@@ -1978,7 +1984,7 @@ END
$vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
$vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
$vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writesettings();
# Replace empty strings with a .
(my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
@@ -2178,10 +2184,6 @@ END
ROOTCERT_SUCCESS:
&General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'S');
-# }
###
### Enable/Disable connection
@@ -3238,19 +3240,9 @@ END
if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
$confighash{$cgiparams{'KEY'}}[0] = 'on';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
-# }
} else {
$confighash{$cgiparams{'KEY'}}[0] = 'off';
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-# }
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
}
} else {
$errormessage = $Lang::tr{'invalid key'};
hooks/post-receive
--
IPFire 2.x development tree