update.sh: Adds code to update an existing ovpnconfig with pass or no-pass

- The code checks first if ovpnconfig exists and is not empty. - Then it makes all net2net connections no-pass since they do not use encryption - Then it cycles through all .p12 files and checks with openssl if a password exists or not. If a password is present then pass is added to index 41 and if not then no-pass is added to index 41 - This code should be left in update.sh for future Core Updates in case people don't update with Core Update 175 but leave it till later. This code works fine on code that already has pass or no-pass entered into index 41 in ovpnconfig Fixes: Bug#11048 Suggested-by: Erik Kapfer <ummeegge@ipfire.org> Suggested-by: Adolf Belka <adolf.belka@ipfire.org> Tested-by: Erik Kapfer <ummeegge@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2026-04-16 22:13:01 +02:00 · 2023-05-17 11:56:52 +02:00
parent 18bece0edb
commit 9cac1034bc
1 changed files with 24 additions and 0 deletions
--- a/config/rootfiles/core/175/update.sh
+++ b/config/rootfiles/core/175/update.sh
@@ -177,6 +177,30 @@ if [ -e /boot/pakfire-kernel-update ]; then
    /boot/pakfire-kernel-update ${KVER}
 fi

+## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+       # Make all N2N connections 'no-pass' since they do not use encryption
+       awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       # Evaluate roadwarrior connection names for *.p12 files
+       for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+           # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
+               if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted') ]]; then
+                       awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+               fi
+	    # Sort all encrypted roadwarriors out and set 'pass' in [43] index
+               if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'error')  ]]; then
+                       awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+               fi
+       done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 # This update needs a reboot...
 touch /var/run/need_reboot