From 8d611ffd0424ba20aac45f63f5bdaa398b4cb557 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 14 Aug 2025 11:03:04 +0100
Subject: [PATCH] core197: Rewrite the entire OpenVPN server configuration

This also updates all CCD configuration files.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/backup/backup.pl             | 27 +--------------------------
 config/rootfiles/core/197/update.sh | 27 +--------------------------
 2 files changed, 2 insertions(+), 52 deletions(-)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index ed7a68455..c9bc14355 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -350,32 +350,7 @@ restore_backup() {
 	fi
 
 	# Update the OpenVPN configuration
-	sed -r \
-		-e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
-		-e "/ncp-disable/d" \
-		-e "s/^cipher (.*)/data-ciphers-fallback \1/" \
-		-e "s/^status .*/status \/var\/run\/openvpn-rw.log/" \
-		-i /var/ipfire/ovpn/server.conf
-
-	# Change to the subnet topology
-	if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
-		echo "topology subnet" >> /var/ipfire/ovpn/server.conf
-	fi
-
-	# Migrate away from compression
-	if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
-		echo "compress migrate" >> /var/ipfire/ovpn/server.conf
-	fi
-
-	# Enable the legacy provider (just in case)
-	if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
-		echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
-	fi
-
-	# Enable explicit exit notification
-	if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
-		echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
-	fi
+	sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 
 	return 0
 }
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index dc9149499..0fd5cc6f0 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -123,32 +123,7 @@ ldconfig
 /usr/local/bin/filesystem-cleanup
 
 # Update the OpenVPN configuration
-sed -r \
-	-e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
-	-e "/ncp-disable/d" \
-	-e "s/^cipher (.*)/data-ciphers-fallback \1/" \
-	-e "s/^status .*/status \/var\/run\/openvpn-rw.log/" \
-	-i /var/ipfire/ovpn/server.conf
-
-# Change to the subnet topology
-if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
-	echo "topology subnet" >> /var/ipfire/ovpn/server.conf
-fi
-
-# Migrate away from compression
-if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
-	echo "compress migrate" >> /var/ipfire/ovpn/server.conf
-fi
-
-# Enable the legacy provider (just in case)
-if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
-	echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
-fi
-
-# Enable explicit exit notification
-if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
-	echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
-fi
+sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 
 # Apply SSH configuration
 /usr/local/bin/sshctrl
-- 
2.47.2