ericpaulbishop / gargoyle

Gargoyle Router Management Utility
http://www.gargoyle-router.com

openvpn: garbage after server removal #922

Closed obsy closed 3 years ago

obsy commented 3 years ago

If you create an OpenVPN server, add/delete some users, and disable the server, garbage remains in /etc/config/openvpn: tls_verify and crl_verify. Next, when you create a client, these options are still in the config; this adds them to the client config (unnecessary).

config openvpn 'custom_config'
	option script_security '2'
	option up '/etc/openvpn.up'
	option down '/etc/openvpn.down'
	option tls_verify '/usr/lib/gargoyle/ovpn-cn-check.sh /etc/openvpn/verified-userlist'
	option crl_verify '/etc/openvpn/crl.pem'
	option config '/etc/openvpn/grouter_client_zplbftgxtzeo.conf'
	option enabled '1'

tls_verify and crl_verify come from the old (deleted) server config, not from the valid client config.

lantis1008 commented 3 years ago

Can you please check https://github.com/ericpaulbishop/gargoyle/blob/master/package/plugin-gargoyle-openvpn/files/www/utility/openvpn_upload_client.sh#L341

After this line insert

uci delete openvpn.custom_config.tls_verify
uci delete openvpn.custom_config.crl_verify

Which should resolve the issue.

It looks like the upload config script does not take care of these variables. A subsequent save in the page which invokes the saveChanges() function would clean this up.

If OK, I'll patch it.

obsy commented 3 years ago

Yes, this fixes the problem:

uci -q del openvpn.custom_config.tls_verify
uci -q del openvpn.custom_config.crl_verify

(add -q to prevent an unnecessary error if the option is not found)

lantis1008 commented 3 years ago

I think all the lines preceding it redirect error to devnull. I might switch them all to -q instead?

obsy commented 3 years ago

IMO use -q, not /dev/null.

lantis1008 commented 3 years ago

Fixed in 2b011159509731da7b9fe083b16578f4dfb36b51. Sorry, forgot to tag it.
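
An audit check for the leftover described in this thread, as an added example that is not part of the issue or of the Gargoyle code base: it scans a UCI openvpn config file and prints the `uci -q del` command for each `tls_verify` / `crl_verify` option still present in a section that points at a client config. Treating a `config` path containing `_client_` as a client section is an assumption based on the one path quoted in the issue; `stale_openvpn_opts` and `sample_config` are hypothetical names.

```shell
#!/bin/sh
# Added example: find server-only options left behind in a client section
# of a UCI openvpn config (the leftover reported in this issue).
# Assumption: a section is a client section when its 'config' path contains
# "_client_", as in the grouter_client_*.conf path quoted in the issue.

# Print one "uci -q del openvpn.<section>.<option>" line per stale option.
stale_openvpn_opts() {
    awk '
    function flush(   i) {
        # Only named client sections are reported; anonymous ones are skipped.
        if (is_client && section != "")
            for (i = 1; i <= n; i++)
                printf "uci -q del openvpn.%s.%s\n", section, stale[i]
        n = 0; is_client = 0
    }
    $1 == "config" {
        flush()
        section = $3
        gsub(/[^A-Za-z0-9_]/, "", section)   # drop the quotes around the name
        next
    }
    $1 == "option" && ($2 == "tls_verify" || $2 == "crl_verify") { stale[++n] = $2 }
    $1 == "option" && $2 == "config" && $3 ~ /_client_/ { is_client = 1 }
    END { flush() }
    ' "$1"
}

# Constructed sample input, modelled on the section quoted in the issue.
sample_config() {
    cat <<'EOF'
config openvpn 'custom_config'
	option script_security '2'
	option tls_verify '/usr/lib/gargoyle/ovpn-cn-check.sh /etc/openvpn/verified-userlist'
	option crl_verify '/etc/openvpn/crl.pem'
	option config '/etc/openvpn/grouter_client_zplbftgxtzeo.conf'
	option enabled '1'
EOF
}

# When run with a file argument, audit that file.
if [ -n "${1:-}" ]; then
    stale_openvpn_opts "$1"
fi
```

The function only reads the file and prints commands; nothing is deleted until the printed lines are run on the router and followed by `uci commit openvpn`.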