From: Michael Tremer Date: Mon, 21 Jan 2019 17:40:12 +0000 (+0000) Subject: ipsec: Drop delayed restart setting X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=38f6bdb74081bd68493d6636a20cda9b884d6bff;ds=sidebyside ipsec: Drop delayed restart setting This is a very bad race-condition situation and is not solved by an unintuitive setting. Signed-off-by: Michael Tremer --- diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 7c151e78de..c84884239a 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -505,18 +505,12 @@ if ($ENV{"REMOTE_ADDR"} eq "") { if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); - unless ($cgiparams{'VPN_DELAYED_START'} =~ /^[0-9]{1,3}$/ ) { #allow 0-999 seconds ! - $errormessage = $Lang::tr{'invalid time period'}; - goto SAVE_ERROR; - } - if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; goto SAVE_ERROR; } $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'}; - $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'}; $vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'}; &General::writehash("${General::swroot}/vpn/settings", \%vpnsettings); &writeipsecfiles(); @@ -2913,7 +2907,6 @@ EOF my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`; - $cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'})); $checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : ''; &Header::showhttpheaders(); @@ -2941,29 +2934,21 @@ EOF print < - - - -END -; -print < - - - - - - - -
$Lang::tr{'enabled'}
$Lang::tr{'vpn delayed start'}: **
$Lang::tr{'host to net vpn'}:
-
-
- - - - - - + + + + + + + + + + +
**  $Lang::tr{'vpn delayed start help'}
+ $Lang::tr{'enabled'} + + +
$Lang::tr{'host to net vpn'}:
END ; diff --git a/lfs/configroot b/lfs/configroot index 3cdd780fc7..4e6751eeef 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -111,7 +111,6 @@ $(TARGET) : cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices.default # Oneliner configfiles echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings - echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings echo "01" > $(CONFIG_ROOT)/certs/serial echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings diff --git a/src/initscripts/networking/red.up/50-ipsec b/src/initscripts/networking/red.up/50-ipsec index 99abf45923..c5e043f21c 100644 --- a/src/initscripts/networking/red.up/50-ipsec +++ b/src/initscripts/networking/red.up/50-ipsec @@ -1,7 +1,3 @@ #!/bin/bash -eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings) - -sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S & - -exit 0 +exec /usr/local/bin/ipsecctrl S