core197: Migrate OpenVPN configuration changes
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 18 Jul 2025 10:30:29 +0000 (10:30 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 18 Jul 2025 10:30:29 +0000 (10:30 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/backup/backup.pl
config/rootfiles/core/197/filelists/files
config/rootfiles/core/197/update.sh

index fe62213e80890575a1605e5888faba62fe1000db..f49073b1efea4b960d31efad67df3c54ffb59d13 100644 (file)
@@ -349,6 +349,32 @@ restore_backup() {
                rm /var/log/pakfire.log
        fi
 
+       # Update the OpenVPN configuration
+       sed -r \
+               -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
+               -e "/ncp-disable/d" \
+               -e "s/^cipher (.*)/data-ciphers-fallback \1/" \
+               -i /var/ipfire/ovpn/server.conf
+
+       # Change to the subnet topology
+       if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
+               echo "topology subnet" >> /var/ipfire/ovpn/server.conf
+       fi
+
+       # Migrate away from compression
+       if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
+               echo "compress migrate" >> /var/ipfire/ovpn/server.conf
+       fi
+
+       # Enable the legacy provider (just in case)
+       if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
+               echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
+       fi
+
+       # Enable explicit exit notification
+       if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
+               echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
+       fi
 
        return 0
 }
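Review bot: `providers legacy default` is appended to every restored server.conf, so the OpenSSL legacy provider is loaded whether or not the configured cipher needs it. Combined with the `cipher` to `data-ciphers-fallback` rewrite a few lines earlier, whatever cipher the old configuration named, including a legacy 64-bit block cipher, stays accepted as a fallback after the restore. I would add the line only when the existing fallback cipher requires the legacy provider, and replace `(just in case)` with a comment that names the reason, for example `# Legacy provider is needed only while data-ciphers-fallback names a legacy cipher`. The same block is copied into config/rootfiles/core/197/update.sh; restore_backup() begins above this hunk.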
index b197f3f2ae5fbf166ccae16bb6d1b1f7d0cd00a3..3d3aaa46ad94d11d5c46a460cd92d4d467512d22 100644 (file)
@@ -14,6 +14,7 @@ srv/web/ipfire/cgi-bin/services.cgi
 srv/web/ipfire/cgi-bin/vulnerabilities.cgi
 srv/web/ipfire/html/themes/ipfire/include/css/style.css
 usr/local/bin/openvpnctrl
+var/ipfire/backup/bin/backup.pl
 var/ipfire/general-functions.pl
 var/ipfire/header.pl
 var/ipfire/langs/list
index b72797e24bc60335ab8b71fca0e864276c67ac2a..5ed9385ccca08e6433bbaed725528fe433c9e602 100644 (file)
@@ -54,6 +54,33 @@ ldconfig
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
 
+# Update the OpenVPN configuration
+sed -r \
+       -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
+       -e "/ncp-disable/d" \
+       -e "s/^cipher (.*)/data-ciphers-fallback \1/" \
+       -i /var/ipfire/ovpn/server.conf
+
+# Change to the subnet topology
+if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
+       echo "topology subnet" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Migrate away from compression
+if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
+       echo "compress migrate" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Enable the legacy provider (just in case)
+if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
+       echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Enable explicit exit notification
+if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
+       echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
+fi
+
 # Apply SSH configuration
 /usr/local/bin/sshctrl
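Review bot: The migration edits /var/ipfire/ovpn/server.conf without checking the file's state first. If the file is absent, `sed -i` fails and every `! grep -q` test succeeds, so the four `echo … >>` lines create a server.conf that holds only the appended directives; a guard such as `if [ -s /var/ipfire/ovpn/server.conf ]; then … fi` around the block avoids that. `explicit-exit-notify` is documented by OpenVPN as a UDP-only option, so a server configured with `proto tcp` may refuse to start once the line is appended; adding it only when `grep -q "^proto udp" /var/ipfire/ovpn/server.conf` matches would cover that case (how IPFire writes the `proto` line is not visible here). The copy in restore_backup() in config/backup/backup.pl has the same two gaps.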