From d64471be0428a26cef16f67142357532c3478d25 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 12 Apr 2015 22:28:42 +0200 Subject: [PATCH 1/4] core89: Do not add collectd include multiple times --- config/rootfiles/core/89/update.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh index e15f9378b..713b5ef8e 100644 --- a/config/rootfiles/core/89/update.sh +++ b/config/rootfiles/core/89/update.sh @@ -47,7 +47,9 @@ cat <> /etc/sysconfig/createfiles EOF # Update /etc/collectd.conf -echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf +if ! grep -q "collectd.vpn" /etc/collectd.conf; then + echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf +fi # Generate ddns configuration file sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi From 278460822700c02a608e1f296b38ab15394d4d48 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 12 Apr 2015 22:33:16 +0200 Subject: [PATCH 2/4] core89: Fix permissions of collectd.vpn after update --- config/rootfiles/core/89/update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh index 713b5ef8e..832feaad6 100644 --- a/config/rootfiles/core/89/update.sh +++ b/config/rootfiles/core/89/update.sh @@ -70,6 +70,7 @@ rm -f \ # Update OpenVPN/collectd configuration /usr/sbin/ovpn-collectd-convert +chown nobody.nobody /var/ipfire/ovpn/collectd.vpn # Fix #10625 mkdir -p /etc/logrotate.d From 79e7688b694a010246fae5b0bdb23eb92b3f19a0 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 12 Apr 2015 22:33:41 +0200 Subject: [PATCH 3/4] ovpnmain.cgi: Remove DDEVICE setting This was used to select a TUN or TAP device from which TAP was never supported anyway. --- html/cgi-bin/ovpnmain.cgi | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 9550ca673..7ca62de31 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -213,7 +213,7 @@ sub writeserverconf { print CONF "writepid /var/run/openvpn.pid\n"; print CONF "#DAN prepare OpenVPN for listening on blue and orange\n"; print CONF ";local $sovpnsettings{'VPN_IP'}\n"; - print CONF "dev $sovpnsettings{'DDEVICE'}\n"; + print CONF "dev tun\n"; print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; print CONF "script-security 3 system\n"; @@ -231,15 +231,15 @@ sub writeserverconf { # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. # If we doesn't use one of them, we can use the configured mtu value. if ($sovpnsettings{'MSSFIX'} eq 'on') - { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + { print CONF "tun-mtu 1500\n"; } elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') - { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + { print CONF "tun-mtu 1500\n"; } elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) - { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + { print CONF "tun-mtu 1500\n"; } else - { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } + { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; } if ($vpnsettings{'ROUTES_PUSH'} ne '') { @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); @@ -1167,7 +1167,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'}; #new settings for daemon $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'}; - $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'}; $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'}; $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'}; $vpnsettings{'DMTU'} = $cgiparams{'DMTU'}; @@ -2138,7 +2137,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Server Gateway Network\n"; print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; print CLIENTCONF "# tun Device\n"; - print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; + print CLIENTCONF "dev tun\n"; print CLIENTCONF "# Port and Protokoll\n"; print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; @@ -2230,21 +2229,21 @@ else print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; print CLIENTCONF "nobind\r\n"; - print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; + print CLIENTCONF "dev tun\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 # or use configured value. if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; } + { print CLIENTCONF "tun-mtu 1500\r\n"; } elsif ($vpnsettings{MSSFIX} eq 'on') - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; } + { print CLIENTCONF "tun-mtu 1500\r\n"; } elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; } + { print CLIENTCONF "tun-mtu 1500\r\n"; } else - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; } + { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; } if ( $vpnsettings{'ENABLED'} eq 'on'){ print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; @@ -4951,9 +4950,6 @@ END $checked{'ENABLED_ORANGE'}{'off'} = ''; $checked{'ENABLED_ORANGE'}{'on'} = ''; $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - $selected{'DDEVICE'}{'tun'} = ''; - $selected{'DDEVICE'}{'tap'} = ''; - $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; $selected{'DPROTOCOL'}{'udp'} = ''; $selected{'DPROTOCOL'}{'tcp'} = ''; @@ -5045,10 +5041,6 @@ END print <$Lang::tr{'local vpn hostname/ip'}:
$Lang::tr{'ovpn subnet'}
- $Lang::tr{'ovpn device'} - From abd93c424197b8e0bd3dbc57fcef43cdfc0141ab Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 12 Apr 2015 22:44:50 +0200 Subject: [PATCH 4/4] collectd: Ignore errors from OpenVPN configuration file --- lfs/collectd | 1 + src/patches/collectd/silence-openvpn-errors.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 src/patches/collectd/silence-openvpn-errors.patch diff --git a/lfs/collectd b/lfs/collectd index 6f9c0e515..1573e3874 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -101,6 +101,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0020-openvpn-Make-read-functions-robust-like-in-8516f9abb.patch cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0021-openvpn-Fix-copy-and-paste-error.patch cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch + cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/silence-openvpn-errors.patch cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var \ --disable-{apple_sensors,csv,ipvs,mbmon,memcached,mysql} \ --disable-{netlink,nginx,nut,perl,serial,snmp,tape,vserver,xmms} \ diff --git a/src/patches/collectd/silence-openvpn-errors.patch b/src/patches/collectd/silence-openvpn-errors.patch new file mode 100644 index 000000000..c9097616c --- /dev/null +++ b/src/patches/collectd/silence-openvpn-errors.patch @@ -0,0 +1,13 @@ +diff --git a/src/openvpn.c b/src/openvpn.c +index d446e9957b68..cc33eed61e25 100644 +--- a/src/openvpn.c ++++ b/src/openvpn.c +@@ -567,7 +567,7 @@ static int openvpn_read (void) + read += vpn_read; + } + +- return (read ? 0 : -1); ++ return 0; + } /* int openvpn_read */ + + static int version_detect (const char *filename)