backup.pl: Ensure ncp-disable is removed from old backups and DATACIPHERS added

- With commit https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=e04f5376ba18767a6a9eccf104c472295a75340b
   then the settings file which is hashed into %vpnsettings already exists and so none
   of the defaults are set. Running the ovpnmain.cgi code resolves this for most of the
   settings but not for ncp-disable being present in server.conf and no DATACIPHERS entry
   in the settings file. ncp-disable then causes the openvpn server to fail to start as
   it is no longer recognised in OpenVPN-2.6
- This patch checks if ncp-disable is in the server.conf file from the restored backup
   and if it is it is then removed and the default values for DATACIPHERS is added into
   the settings file.
- Tested out in my vm testbed and successfully worked. The previously found issue after
   the above patch was added in has been resolved.
- Associated patch in this set is to do a similar thing for the update.sh file for CU197

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index e79f510c67bb43e2f580d600cf5c4bf91d118063..42d24aa3c460f8878c3a7c985c1f8693834e4669 100644 (file)
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -350,6 +350,11 @@ restore_backup() {
        fi
 
        # Update the OpenVPN configuration and restart the openvpn daemons
+       if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
+               sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
+               echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> \
+                       /var/ipfire/ovpn/settings
+       fi
        sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
        /etc/init.d/openvpn-n2n restart
        /etc/init.d/openvpn-rw restart