From 13b7e3803cfd803d42d4ef082fba37859aa1e2f7 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 18 Jul 2025 10:30:29 +0000
Subject: [PATCH] core197: Migrate OpenVPN configuration changes
Signed-off-by: Michael Tremer
---
 config/backup/backup.pl | 26 ++++++++++++++++++++++
 config/rootfiles/core/197/filelists/files | 1 +
 config/rootfiles/core/197/update.sh | 27 +++++++++++++++++++++++
 3 files changed, 54 insertions(+)
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index fe62213e8..f49073b1e 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -349,6 +349,32 @@ restore_backup() {
 rm /var/log/pakfire.log
 fi
+ # Update the OpenVPN configuration
+ sed -r \
+ -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
+ -e "/ncp-disable/d" \
+ -e "s/^cipher (.*)/data-ciphers-fallback \1/" \
+ -i /var/ipfire/ovpn/server.conf
+
+ # Change to the subnet topology
+ if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
+ echo "topology subnet" >> /var/ipfire/ovpn/server.conf
+ fi
+
+ # Migrate away from compression
+ if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
+ echo "compress migrate" >> /var/ipfire/ovpn/server.conf
+ fi
+
+ # Enable the legacy provider (just in case)
+ if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
+ echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
+ fi
+
+ # Enable explicit exit notification
+ if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
+ echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
+ fi
 return 0
 }
diff --git a/config/rootfiles/core/197/filelists/files b/config/rootfiles/core/197/filelists/files
index b197f3f2a..3d3aaa46a 100644
--- a/config/rootfiles/core/197/filelists/files
+++ b/config/rootfiles/core/197/filelists/files
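Review bot: Nothing in the block added to restore_backup checks that /var/ipfire/ovpn/server.conf exists, so when a restored backup carries no OpenVPN server configuration the `sed -i` fails, every `! grep -q …` test then succeeds because grep exits non-zero on a missing file, and the four `echo … >>` lines create a stub server.conf that holds only the appended directives. Wrapping the whole block in `if [ -s /var/ipfire/ovpn/server.conf ]; then … fi` keeps the migration to systems that actually have a server configuration. The grep tests are also unanchored, so a commented-out `#topology subnet` would count as already migrated; `grep -q "^topology subnet"` (and likewise for the other three directives) is tighter. The identical block in the update.sh hunk has the same gaps, and restore_backup's body starts outside this hunk.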
@@ -14,6 +14,7 @@ srv/web/ipfire/cgi-bin/services.cgi
 srv/web/ipfire/cgi-bin/vulnerabilities.cgi
 srv/web/ipfire/html/themes/ipfire/include/css/style.css
 usr/local/bin/openvpnctrl
+var/ipfire/backup/bin/backup.pl
 var/ipfire/general-functions.pl
 var/ipfire/header.pl
 var/ipfire/langs/list
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index b72797e24..5ed9385cc 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -54,6 +54,33 @@ ldconfig
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
+# Update the OpenVPN configuration
+sed -r \
+ -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
+ -e "/ncp-disable/d" \
+ -e "s/^cipher (.*)/data-ciphers-fallback \1/" \
+ -i /var/ipfire/ovpn/server.conf
+
+# Change to the subnet topology
+if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
+ echo "topology subnet" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Migrate away from compression
+if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
+ echo "compress migrate" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Enable the legacy provider (just in case)
+if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
+ echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Enable explicit exit notification
+if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
+ echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
+fi
+
 # Apply SSH configuration
 /usr/local/bin/sshctrl
--
2.47.3
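Review bot: `explicit-exit-notify` is appended without looking at the configured `proto`, both in this update.sh block and in the identical backup.pl hunk. OpenVPN documents the option for UDP and, as far as I know, rejects it at option parsing when the server uses a TCP `proto`, so a TCP server could fail to come back after the update; this is worth confirming against the OpenVPN version being shipped. A guard such as `if grep -q "^proto udp" /var/ipfire/ovpn/server.conf && ! grep -q "^explicit-exit-notify" /var/ipfire/ovpn/server.conf; then` would limit the directive to UDP servers. Separately, `providers legacy default` is switched on for every server whatever cipher was carried over into `data-ciphers-fallback`; adding it only when that cipher needs the legacy provider would keep the set of enabled OpenSSL algorithms smaller.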