authorChristian Poessinger <christian@poessinger.com>2020-04-19 17:34:11 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-19 17:35:07 +0200
commit70e008f858be2b88e7402a176c9d9f6ec537ade7 (patch)
tree48b28c612b1880a845e5d558fbeac84cccbedb27
parent5cbba3a13868d95e2b14ccac2744de09aaeca805 (diff)
downloadvyos-1x-70e008f858be2b88e7402a176c9d9f6ec537ade7.tar.gz
vyos-1x-70e008f858be2b88e7402a176c9d9f6ec537ade7.zip
openvpn: T2336: fix auth-user-pass file generation
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn
-rw-r--r--data/templates/openvpn/server.conf.tmpl2
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py11
2 files changed, 7 insertions, 6 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 0f563dc2b..53fe8d400 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -233,7 +233,7 @@ auth {{ hash }}
{%- endif -%}
{%- if auth %}
-auth-user-pass /tmp/openvpn-{{ intf }}-pw
+auth-user-pass {{ auth_user_pass_file }}
auth-retry nointeract
{%- endif %}
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 9cea07a61..c1c108aa5 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -38,6 +38,7 @@ default_config_data = {
'address': [],
'auth_user': '',
'auth_pass': '',
+ 'auth_user_pass_file': '',
'auth': False,
'bridge_member': [],
'compress_lzo': False,
@@ -944,17 +945,17 @@ def generate(openvpn):
fix_permissions.append(openvpn['tls_key'])
# Generate User/Password authentication file
- user_auth_file = f'/tmp/openvpn-{interface}-pw'
+ openvpn['auth_user_pass_file'] = f'/run/openvpn/{interface}.pw'
if openvpn['auth']:
- with open(user_auth_file, 'w') as f:
+ with open(openvpn['auth_user_pass_file'], 'w') as f:
f.write('{}\n{}'.format(openvpn['auth_user'], openvpn['auth_pass']))
# also change permission on auth file
- fix_permissions.append(user_auth_file)
+ fix_permissions.append(openvpn['auth_user_pass_file'])
else:
# delete old auth file if present
- if os.path.isfile(user_auth_file):
- os.remove(user_auth_file)
+ if os.path.isfile(openvpn['auth_user_pass_file']):
+ os.remove(openvpn['auth_user_pass_file'])
# Generate client specific configuration
for client in openvpn['client']:
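Review bot: The credentials file is still created with `open(openvpn['auth_user_pass_file'], 'w')`, so it gets the default mode from the process umask and is only tightened later through `fix_permissions`; until then the username and password may be readable by other local users. Creating it with a restrictive mode up front closes that window: `fd = os.open(openvpn['auth_user_pass_file'], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The mode argument applies only when the file is newly created, so a leftover file with looser permissions would still depend on the later fix-up. How `fix_permissions` is applied is outside this hunk, as is the rest of generate().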