authorJernej Jakob <jernej.jakob@gmail.com>2020-03-24 21:57:15 +0100
committerJernej Jakob <jernej.jakob@gmail.com>2020-03-24 22:03:05 +0100
commit9d48ba7a84d3a29ac3f83b983159019e3ce11e3c (patch)
tree72d765ca2fc7ade0ea654b5b84f6ae5824ddc5b5 /src
parent64fbf0865eb47271e27a7e737f5ba2e6bd541292 (diff)
downloadvyos-1x-9d48ba7a84d3a29ac3f83b983159019e3ce11e3c.tar.gz
vyos-1x-9d48ba7a84d3a29ac3f83b983159019e3ce11e3c.zip
openvpn: T2146: delete old client configs
Previously, old client configs for clients that had been deleted from the server stayed in the ccd directory and were therefore still used. As we can't know which clients were deleted, this deletes all the client configs; they are recreated shortly afterwards.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 3a3c69e37..fe49f776b 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -28,6 +28,7 @@ from psutil import pid_exists
from pwd import getpwnam
from subprocess import Popen, PIPE
from time import sleep
+from shutil import rmtree
from vyos import ConfigError
from vyos.config import Config
@@ -899,6 +900,10 @@ def generate(openvpn):
interface = openvpn['intf']
directory = os.path.dirname(get_config_name(interface))
+ # we can't know which clients were deleted, remove all client configs
+ if os.path.isdir(os.path.join(directory, 'ccd', interface)):
+ rmtree(os.path.join(directory, 'ccd', interface), ignore_errors=True)
+
# create config directory on demand
openvpn_mkdir(directory)
# create status directory on demand
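Review bot: `rmtree(..., ignore_errors=True)` in generate() hides a failed removal, so the stale per-client files this commit is meant to purge can silently survive and, going by the commit message, keep being applied to clients that were already deleted from the configuration. The directory's existence is checked just before, so an error here is unexpected and should stop the commit: build the path once with `ccd_dir = os.path.join(directory, 'ccd', interface)`, call `rmtree(ccd_dir)` without `ignore_errors`, and convert an `OSError` into `ConfigError` (already imported in this file). The identical call in the apply() hunk has the same issue, though a logged warning may be enough there since that branch presumably runs when the interface is being torn down. generate() continues outside this hunk.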
@@ -977,11 +982,8 @@ def apply(openvpn):
# cleanup client config dir
directory = os.path.dirname(get_config_name(openvpn['intf']))
- if os.path.isdir(directory + '/ccd/' + openvpn['intf']):
- try:
- os.remove(directory + '/ccd/' + openvpn['intf'] + '/*')
- except:
- pass
+ if os.path.isdir(os.path.join(directory, 'ccd', openvpn['intf'])):
+ rmtree(os.path.join(directory, 'ccd', openvpn['intf']), ignore_errors=True)
return None