Bug 10036

Summary: Compile additional option --enable-password-save to openvpn binary
Product: IPFire Reporter: Erik Kapfer <ummeegge>
Component: openvpnAssignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact:
Severity: - Unknown -    
Priority: - Unknown - CC: michael.tremer
Version: 2   
Hardware: unspecified   
OS: Unspecified   
Attachments: Diff from the openvpn lfs file
The patch for lfs/openvpn
Patch for the openvpn rootfile

Description Erik Kapfer 2012-02-20 10:45:39 UTC 
Created attachment 20 [details]
Diff from the openvpn lfs file

Regarding to a thread in the forum (--> http://forum.ipfire.org/index.php/topic,5995.msg41498/topicseen.html#msg41498) i have compiled now the new version 2.2.2 of the openvpn binary (change log information from OpenVPN http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html ) with an additional option called --enable-password-save. With this option it is possible to use alternative authentication methods --> http://openvpn.net/index.php/open-source/documentation/howto.html#auth .
I modified therefor the openvpn lfs file, i downloaded the newest openvpn version http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz and compiled it. 
To get a better clarity in the ovpn directory, i created also a new directory called "scripts" in /var/ipfire/ovpn, cause the new option needs scripts to execute the authentication.

For an overview of the changes i made a diff, which is findable in the attachment.

Best regards

Erik
Comment 1 Michael Tremer 2012-02-20 11:25:28 UTC 
To merge the changes an update of the openvpn rootfile is missing.

We could target this change for core update 58.
Comment 2 Erik Kapfer 2012-02-24 11:06:40 UTC 
Created attachment 23 [details]
The patch for lfs/openvpn
Comment 3 Erik Kapfer 2012-02-24 11:07:08 UTC 
Created attachment 24 [details]
Patch for the openvpn rootfile
Comment 4 Erik Kapfer 2012-02-24 11:15:56 UTC 
Hello Michael,
i have modified now also some other things in the openvpn/lfs. I added a new directory under /usr/lib named openvpn. This is the plugin directory, i thought this might be a good idea cause OpenVPN have a lot of plugins.

Also the existing plugins down-root.so and auth-pam.so are copied to this directory.

The next thing i created a scripts folder under /var/ipfire/ovpn. The new --enable-password-save function can requires scripts, also the down-root.so works with an up/down script, so for a better overview i created this directory with root.root 755 .

As mentioned above i used the new openvpn-2.2.2.tar.gz from http://openvpn.net/index.php/download.html where the change log for 2.2.2 can also be overviewed

The patch for openvpn/lfs and the rootfile are attached

Best regards


Erik
Comment 5 Erik Kapfer 2012-02-24 12:20:39 UTC 
If have seen there is one line in the LFS file too much 
chmod 755 /usr/lib/openvpn
one time is enough :-)

Erik
Comment 6 Michael Tremer 2012-02-24 21:01:34 UTC 
So why did the path of the plugins change?
Comment 7 Erik Kapfer 2012-02-25 07:37:18 UTC 
I have copied them in there cause of a previouse thread http://forum.ipfire.org/index.php/topic,4521.msg33496.html#msg33496 where we spoke also about that. I think this path is also in other distributions well known.
Comment 8 Michael Tremer 2012-02-25 11:43:50 UTC 
I really like the plugins in /usr. That's where they should have been in the frist place. But we need to check if it does not break anything.

I will merge these patches as soon as possible.
Comment 10 Erik Kapfer 2012-02-29 11:15:40 UTC 
Hi Michael,
i have compiled it now also with your modified lfs file and after a few tests it works quiet round for me.
Comment 11 Michael Tremer 2012-05-15 23:09:22 UTC 
Released with Core Update 58.