Openvpn hooks

[hidrarga]

Problem

As said in #116, I'm moving what's doing ynh-vpnclient service to OpenVPN hooks.

Solution

There are a lot of changes, sorry :/

I had to remove the yunohost firewall reload stuff because there are lock issues with it. Instead I'm adding / removing rules manually. This isn't too complex I think, and it's faster, so why not?

I'm also improving some stuff, such as the .ynh-vpnclient-started file which wasn't properly erased on error, or which wasn't checked by the ynh-vpnclient-checker timer…

I'm removing the ynh-vpnclient status, and I moved it's content inside the hooks. Honestly I don't even know if this used, or maybe for debugging purpose?

Finally, I changed the priority of the hook 20-set-ipv6 in order to run it after the firewall rules and the DNS configuration.

PR Status

• [x] Code finished and ready to be reviewed/tested
• [x] The fix/enhancement were manually tested (if applicable)

Automatic tests

Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

[hidrarga]

!testme

[yunohost-bot]

Alrighty!

[hidrarga]

For the firewall issue, the trick is to use

yunohost service stop ynh-vpnclient

I needed that for upgrading the app… But otherwise it's not needed since I'm adding the VPN rules manually, which is faster than reloading the firewall. Unless we don't want updating firewall rules that way?

[alexAubin]

I had to remove the yunohost firewall reload stuff because there are lock issues with it. Instead I'm adding / removing rules manually. This isn't too complex I think, and it's faster, so why not?

Sounds like an interesting twist ... I don't have enough insight to tell if there was a good reason for the initial design ... to me naively it sounds like using yunohost firewall reload had an "already implemented hook system" so it was somewhat practical to use it. If that's it, then your new proposed designed sounds indeed more efficient ?

ping @zamentur in case you have time and insight about this ...

[zamentur]

if i understand, the post-iptables hook is keeped in order to manage the case when the admin reload the firewall, and in more we have openvpn hooks. LGTM (it's a very quick review, i know, sadly i don't think i will have more time to review more)

Thanks to all people who work on this :)

[hidrarga]

!testme

[yunohost-bot]

:carousel_horse:

[hidrarga]

!testme

[yunohost-bot]

Alrighty!

[hidrarga]

!testme

[yunohost-bot]

Fingers crossed!