\n \n";
+ print " \n";
+ return undef;
+}
+
+sub read_pem{
+ my ($fm,$pem) = @_;
+ my $q = $fm->{cgi};
+ my $dir = '';
+ my $ret;
+ if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){
+ $dir = $pubdir;
+ }
+ elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){
+ $dir = $privdir;
+ }
+
+ if (! open (PEM, "<$dir/$pem")){
+ $fm->error('ERROR_OPEN_PEM','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ while (){
+ $ret .= $_;
+ }
+ close PEM;
+
+ return $ret;
+}
+
+sub write_pem{
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+
+ my $ca = $q->param('ca_pem');
+ my $crt = $q->param('crt_pem');
+ my $key = $q->param('key_pem');
+ my $dh = $q->param('dhpar_pem');
+ my $ta = $q->param('ta_pem');
+
+ $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url'));
+
+ if (! open (CA, ">$pubdir/cacert.pem")){
+ $fm->error('ERROR_OPEN_CA','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ print CA $ca;
+ close CA;
+
+ if (! open (CRT, ">$pubdir/cert.pem")){
+ $fm->error('ERROR_OPEN_CRT','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ print CRT $crt;
+ close CRT;
+
+ if (! open (KEY, ">$privdir/key.pem")){
+ $fm->error('ERROR_OPEN_KEY','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ print KEY $key;
+ close KEY;
+ chmod(0600, "$privdir/key.pem" );
+ esmith::util::chownFile("root", "root","$privdir/key.pem" );
+ if (! open (DH, ">$pubdir/dh.pem")){
+ $fm->error('ERROR_OPEN_DH','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ print DH $dh;
+ close DH;
+
+ if (! open (TA, ">$privdir/takey.pem")){
+ $fm->error('ERROR_OPEN_TA','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ print TA $ta;
+ close TA;
+ chmod(0600, "$privdir/takey.pem" );
+ esmith::util::chownFile("root", "root","$privdir/takey.pem" );
+
+ # Restrict permissions on sensitive data
+ esmith::util::chownFile("root", "root","$privdir");
+ esmith::util::chownFile("root", "root","$pubdir");
+ chmod 0700, "$privdir";
+ chmod 0755, "$pubdir";
+
+ unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){
+ $fm->error('ERROR_OCCURED','RULES_PAGE');
+ return undef;
+ }
+ $fm->success('SUCCESS','FIRST');
+ return undef;
+}
+
+
+# Validations
+
+sub is_ip{
+ my ($fm,$ip) = @_;
+ return CGI::FormMagick::Validator::ip_number($fm, $ip);
+}
+
+sub ip_is_in_local_net {
+ my ($fm,$ip) = @_;
+
+ unless(is_ip($fm, $ip) eq 'OK'){
+ return $fm->localise('NOT_A_VALID_IP',{ip => $ip});
+ }
+
+ my $local_ip = $config_db->get('LocalIP')->value();
+ my $local_netmask = $config_db->get('LocalNetmask')->value;
+ my ($local_network, $local_broadcast) =
+ esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask );
+
+ my ($ip_network,$ip_broadcast) =
+ esmith::util::computeNetworkAndBroadcast($ip, $local_netmask);
+
+ if ($ip_network ne $local_network){
+ return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip});
+ }
+ return "OK";
+}
+
+sub ip_is_in_local_net_or_blank {
+ my ($fm,$ip) = @_;
+
+ if ($ip eq ''){
+ return 'OK';
+ }
+ return ip_is_in_local_net ($fm,$ip);
+}
+
+sub end_is_after_start{
+ my ($fm,$end) = @_;
+ my $start = $fm->{cgi}->param('start_pool');
+ my $start_ip = new Net::IP($start);
+ my $end_ip = new Net::IP($end);
+ unless ($end_ip->bincomp('gt',$start_ip)){
+ return $fm->localise('START_AFTER_END');
+ }
+ return 'OK';
+}
+
+sub not_in_dhcp_range
+{
+ my $fm = shift;
+ my $address = shift;
+ my $status = $config_db->get('dhcpd')->prop('status') || "disabled";
+ return "OK" unless $status eq "enabled";
+ my $start = $config_db->get('dhcpd')->prop('start');
+ my $end = $config_db->get('dhcpd')->prop('end');
+ if (esmith::util::IPquadToAddr($start)
+ <= esmith::util::IPquadToAddr($address)
+ &&
+ esmith::util::IPquadToAddr($address)
+ <= esmith::util::IPquadToAddr($end)){
+ return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address});
+ }
+ else{
+ return "OK";
+ }
+}
+
+sub validate_common_name
+{
+ my ($fm, $common_name) = @_;
+
+ unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/){
+ return $fm->localise('INVALID_CHARS',{string => $common_name});
+ }
+ return "OK";
+}
+
+sub is_url
+{
+ my ($fm, $url) = @_;
+
+ unless ($url =~ /^(http:\/\/)|(https:\/\/)/){
+ return $fm->localise('NOT_A_VALID_URL',{string => $url});
+ }
+ return "OK";
+}
+
+###### those could almost be copy paste for bridge and s2s
+##
+=head2 get_hmac_status
+
+=cut
+sub get_hmac_status{
+ my ($fm) = @_;
+ my $hmac = get_current_hmac();
+ $hmac= "". $fm->localise('CHANGEME_INSECURE'). ": $hmac " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);
+ return $hmac;
+}
+
+=head2 get_cipher_status
+list obtained using
+openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '}
+=cut
+sub get_cipher_status{
+ my ($fm) = @_;
+ my $cipher = get_current_cipher();
+ $cipher = "". $fm->localise('CHANGEME_INSECURE'). ": $cipher " unless ($cipher =~ /(128|192|256|512|SEED)/ );
+ return $cipher;
+}
+
+=head2 get_current_hmac
+
+=cut
+sub get_current_hmac{
+ my ($self) = @_;
+ my $cvpn= $config_db->get('openvpn-bridge') or return "SHA256" ;
+ return "SHA1" unless defined $cvpn->prop('HMAC');
+ return $cvpn->prop('HMAC') ;
+}
+
+=head2 get_current_cipher
+list obtained using
+openvpn --show-digests | egrep 'digest size' | awk {'print "'\''" $1 "'\'' => '\''" $1 "'\''," '}
+=cut
+sub get_current_cipher{
+ my ($self) = @_;
+ my $cvpn= $config_db->get('openvpn-bridge') or return "AES-128-CBC";
+ return "BF-CBC" unless defined $cvpn->prop('Cipher');
+ return $cvpn->prop('Cipher') ;
+}
+
+
+=head2 get_digests_options
+
+=cut
+sub get_digests_options{
+ my ($self) = @_;
+ my $translate = $self->localise('DEFAULT');
+ my $suggested = $self->localise('SUGGESTED');
+ my %options= (
+ 'whirlpool' => 'whirlpool (512)',
+ 'SHA512' => 'SHA512',
+ 'SHA384' => 'SHA384',
+ 'SHA256' => 'SHA256' . ": $suggested",
+ 'SHA224' => 'SHA224',
+ 'SHA1' => 'SHA1 (160)' . ": $translate",
+ 'SHA' => 'SHA (160)',
+ 'ecdsa-with-SHA1' => 'ecdsa-with-SHA1 (160)',
+ 'RIPEMD160' => 'RIPEMD160',
+ 'MD5' => 'MD5 (128)',
+ 'MD4' => 'MD4 (128)',
+ );
+ return \%options;
+}
+
+
+=head2 get_ciphers_options
+list obtained using
+openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '}
+then reduced to remove most of insecure ciphers
+Using a CBC or GCM mode is recommended.
+In static key mode only CBC mode is allowed.
+
+=cut
+sub get_ciphers_options{
+ my ($self) = @_;
+ my $translate = $self->localise('DEFAULT');
+ my $suggested = $self->localise('SUGGESTED');
+ my %options= (
+ 'AES-128-CBC' => 'AES-128-CBC (128 key, 128 block)'.": $suggested",
+ 'AES-128-CFB' => 'AES-128-CFB (128 key, 128 block)',
+ 'AES-128-CFB1' => 'AES-128-CFB1 (128 key, 128 block)',
+ 'AES-128-CFB8' => 'AES-128-CFB8 (128 key, 128 block)',
+ 'AES-128-GCM' => 'AES-128-GCM (128 key, 128 block)',
+ 'AES-128-OFB' => 'AES-128-OFB (128 key, 128 block)',
+ 'AES-192-CBC' => 'AES-192-CBC (192 key, 128 block)',
+ 'AES-192-CFB' => 'AES-192-CFB (192 key, 128 block)',
+ 'AES-192-CFB1' => 'AES-192-CFB1 (192 key, 128 block)',
+ 'AES-192-CFB8' => 'AES-192-CFB8 (192 key, 128 block)',
+ 'AES-192-GCM' => 'AES-192-GCM (192 key, 128 block)',
+ 'AES-192-OFB' => 'AES-192-OFB (192 key, 128 block)',
+ 'AES-256-CBC' => 'AES-256-CBC (256 key, 128 block)',
+ 'AES-256-CFB' => 'AES-256-CFB (256 key, 128 block)',
+ 'AES-256-CFB1' => 'AES-256-CFB1 (256 key, 128 block)',
+ 'AES-256-CFB8' => 'AES-256-CFB8 (256 key, 128 block)',
+ 'AES-256-GCM' => 'AES-256-GCM (256 key, 128 block)',
+ 'AES-256-OFB' => 'AES-256-OFB (256 key, 128 block)',
+ 'CAMELLIA-128-CBC' => 'CAMELLIA-128-CBC (128 key, 128 block)',
+ 'CAMELLIA-128-CFB' => 'CAMELLIA-128-CFB (128 key, 128 block)',
+ 'CAMELLIA-128-CFB1' => 'CAMELLIA-128-CFB1 (128 key, 128 block)',
+ 'CAMELLIA-128-CFB8' => 'CAMELLIA-128-CFB8 (128 key, 128 block)',
+ 'CAMELLIA-128-OFB' => 'CAMELLIA-128-OFB (128 key, 128 block)',
+ 'CAMELLIA-192-CBC' => 'CAMELLIA-192-CBC (192 key, 128 block)',
+ 'CAMELLIA-192-CFB' => 'CAMELLIA-192-CFB (192 key, 128 block)',
+ 'CAMELLIA-192-CFB1' => 'CAMELLIA-192-CFB1 (192 key, 128 block)',
+ 'CAMELLIA-192-CFB8' => 'CAMELLIA-192-CFB8 (192 key, 128 block)',
+ 'CAMELLIA-192-OFB' => 'CAMELLIA-192-OFB (192 key, 128 block)',
+ 'CAMELLIA-256-CBC' => 'CAMELLIA-256-CBC (256 key, 128 block)',
+ 'CAMELLIA-256-CFB' => 'CAMELLIA-256-CFB (256 key, 128 block)',
+ 'CAMELLIA-256-CFB1' => 'CAMELLIA-256-CFB1 (256 key, 128 block)',
+ 'CAMELLIA-256-CFB8' => 'CAMELLIA-256-CFB8 (256 key, 128 block)',
+ 'CAMELLIA-256-OFB' => 'CAMELLIA-256-OFB (256 key, 128 block)',
+ 'SEED-CBC' => 'SEED-CBC (128 key, 128 block)',
+ 'SEED-CFB' => 'SEED-CFB (128 key, 128 block)',
+ 'SEED-OFB' => 'SEED-OFB (128 key, 128 block)',
+ 'BF-CBC' => 'BF-CBC(128 key, 64 block)'. ": $translate ",
+ );
+ return \%options;
+}
+
+1;
diff --git a/smeserver-openvpn-bridge.spec b/smeserver-openvpn-bridge.spec
new file mode 100644
index 0000000..b2dd009
--- /dev/null
+++ b/smeserver-openvpn-bridge.spec
@@ -0,0 +1,362 @@
+# $Id: smeserver-openvpn-bridge.spec,v 1.17 2024/09/06 01:23:30 terryfage Exp $
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: OpenVPN, a strong VPN solution build over SSL, pre-configured for bridge mode
+%define name smeserver-openvpn-bridge
+Name: %{name}
+%define version 2.1
+%define release 24
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Networking/Remote access
+Source: %{name}-%{version}.tar.xz
+
+
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+
+Provides: perl(esmith::FormMagick::Panel::openvpnbridge)
+Requires: e-smith-base
+Requires: openvpn
+Requires: smeserver-bridge-interface
+Requires: perl(Net::OpenVPN::Manage)
+Obsoletes: smeserver-openvpn-bridge-fws
+Obsoletes: smeserver-openvpn-bridge.fws
+
+%description
+This package contains all the needed scripts and templates
+to have a full working openvpn server running in bridge mode.
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read 2.1-24.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+
+* Fri Sep 06 2024 Terry Fage 2.1-23.sme
+- apply locale 2024-09-06.patch
+
+* Wed Nov 23 2022 Jean-Philippe Pialasse 2.1-22.sme
+- log to dedicated file [SME: 12242]
+- use locale timezone for logging [SME: 6155]
+
+* Fri Nov 11 2022 Jean-Philippe Pialasse 2.1-19.sme
+- apply locale 2022-11-1 patch
+
+* Sat Jul 30 2022 Jean-Philippe Pialasse 2.1-18.sme
+- add Provides perl(esmith::FormMagick::Panel::openvpnbridge)
+
+* Sat Jul 30 2022 Brian Read 2.1-17.sme
+- Re-build and link to latest devtools [SME: 11997]
+
+* Sat Jul 23 2022 Jean-Philippe Pialasse 2.1-16.sme
+- add to core backup [SME: 12018]
+
+* Wed Sep 08 2021 Terry Fage 2.1-15.sme
+- apply locale 2021-09-08 patch
+
+* Mon Aug 23 2021 Terry Fage 2.1-14.sme
+- apply locale 2021-08-23 patch
+
+* Wed Mar 31 2021 Jean-Philippe Pialasse 2.1-13.sme
+- default AES-128-CBC and SHA256 fix [SME: 11335]
+- better frist screen with information on link and hnac and cipher
+- better client default configuration with embded shared key and CAcert
+- migrate cipher to Cipher like routed and s2s usage
+- HMAC and Cipher are accessible to change using the manager.
+- Re-build and link to latest devtools typos in translations [SME: 6647]
+
+* Tue Mar 23 2021 Jean-Philippe Pialasse 2.1-12.sme
+- Re-build and link to latest devtools permisison issue on private keys [SME: 11335]
+- rework unit file
+ avoid failure, add ncp cipher, add loging status
+- add default cipher AES-256-CBC - if issue with older clients < 2.4
+ it is advised to set it to 'auto' or BF-CBC
+
+* Thu Feb 04 2021 Brian Read 2.1-11.sme
+- Initial import to SME10 [SME: 11335]
+- Add-in-systemd-startup
+
+* Sat Dec 07 2019 SME Translation Server 2.1-10.sme
+- apply locale 2019-12-07 patch
+
+* Thu Nov 15 2018 John Crisp 2.1-9.sme
+- Add option to enable/doisable PushRoute [SME: 10547]
+
+* Sat Dec 02 2017 SME Translation Server 2.1-8.sme
+- apply locale 2017-12-02 patch
+
+* Wed Feb 01 2017 Jean-Philipe Pialasse 2.1-7.sme
+- apply locale 2017-02-02.patch
+
+* Sat May 7 2016 Daniel Berteaud 2.1-6.sme
+- Typo in en-us locale for the panel [SME: 9301]
+
+* Wed Feb 10 2016 Daniel Berteaud 2.1-5.sme
+- Remove obsolete libpam.so symlink so AutoReqProv do not add a dep on i686
+ pam
+
+* Mon Feb 8 2016 Daniel Berteaud 2.1-4.sme
+- Create /etc/openvpn/bridge/dev/urandom [SME: 9238]
+
+* Thu Aug 6 2015 Daniel Berteaud 2.1-3.sme
+- Add routes for s2s virtual IP
+
+* Tue Feb 17 2015 Daniel Berteaud 2.1-2.sme
+- Apply locale 2015-02-17 patch
+
+* Mon Nov 11 2013 Daniel B. 2.1-1.sme
+- Rebuild for SME9
+
+* Sun Jul 14 2013 JP Pialasse 2.0-50.sme
+- apply locale 2013-07-14 patch
+
+* Thu Jun 6 2013 Daniel B. 2.0-49.sme
+- Fix plugin directory for x86_64 [SME: 7658]
+
+* Fri Mar 22 2013 Daniel B. 2.0-48.sme
+- Fix spelling in en-us panel [SME: 7507]
+
+* Mon Oct 08 2012 Daniel B. 2.0-47.sme
+- Create a tmp dir (needed for openvpn 2.2.2)
+
+* Tue Mar 20 2012 SME Translation Server 2.0-46.el6
+- apply locale 2012-03-20 patch
+
+* Wed Apr 27 2011 SME Translation Server 2.0-45.sme
+- apply locale 2011-04-27 patch
+
+* Sun Mar 06 2011 SME Translation Server 2.0-44.sme
+- apply locale 2011-03-06 patch
+
+* Thu Feb 17 2011 Daniel B. 2.0-43.sme
+- Fix a typo in the panel [SME: 6509]
+
+* Tue Jan 25 2011 Daniel B. 2.0-42.sme
+- Stop disabling service on rpm removal (spec change only)
+
+* Tue Jan 25 2011 Daniel B. 2.0-41.sme
+- Add comp-lzo option back into client conf file
+
+* Tue Oct 26 2010 Daniel B. 2.0-40.sme
+- Add PassTOS DB key to enable/disable passtos
+- Enhance routes push (work with s2s contrib)
+
+* Tue Oct 19 2010 Daniel B. 2.0-39.sme
+- templates cleanup
+- DB prop to disable local networks routes push to client
+
+* Mon Jul 19 2010 Daniel B. 2.0-38.sme
+- apply locale 2010-07-19 patc
+
+* Wed Jun 02 2010 Daniel B. 2.0-37.sme
+- apply locale 2010-06-02 patch
+- use multilog timestamp
+
+* Wed May 12 2010 Daniel B. 2.0-36.sme
+- Comment the passtos option as it's not supported on Windows
+
+* Fri Apr 30 2010 Daniel B. 2.0-35.sme
+- add the passtos option
+- push the comp-lzo option to the client
+- apply locale 2010-04-29 patch
+
+* Tue Mar 02 2010 SME Translation Server 2.0-34.sme
+- apply locale 2010-03-02 patch
+
+* Wed Nov 18 2009 Daniel B. 2.0-33.sme
+- code cleanup
+
+* Tue Nov 17 2009 Daniel B. 2.0-32.sme
+- apply locale 2009-11-17 patch
+- Fix CRL update on event (openvpn-bridge-update)
+
+* Tue Oct 27 2009 SME Translation Server 2.0-31.sme
+- apply locale 2009-10-27 patch
+
+* Wed Oct 21 2009 Daniel B. 2.0-30.sme
+- apply locale 2009-10-21 patch
+
+* Tue Sep 29 2009 Daniel B. 2.0-29.sme
+- Put tls-client directive in client config file even when additional TLS
+ auth is disabled (required for the main TLS auth) [SME: 5495]
+- apply locale 2009-09-28 patch
+
+* Mon Aug 24 2009 SME Translation Server 2.0-28.sme
+- apply locale 2009-08-24 patch
+
+* Wed Jul 22 2009 Daniel B. 2.0-27.sme
+- apply locale 2009-07-22 patch
+
+* Thu Jun 25 2009 Daniel B. 2.0-26.sme
+- expand config and restart the service when local networks are added
+ or removed so the new routes are pushed
+
+* Tue May 26 2009 Daniel B. 2.0-25.sme
+- apply locale 2009-05-26 patch
+
+* Sun May 24 2009 Daniel B. 2.0-24.sme
+- apply locale 2009-05-24 patch
+
+* Thu Apr 30 2009 Daniel B. 2.0-23.sme
+- apply local 2009-04-30 patch
+
+* Mon Apr 27 2009 SME Translation Server 2.0-22.sme
+- apply locale 2009-04-27 patch
+
+* Tue Apr 14 2009 Daniel B. [2.0-21]
+- Fixe permissions on public directory (pub and ccd) which must be readable
+ by everyone (especially user nobody)
+
+* Sun Apr 12 2009 Daniel B. [2.0-20]
+- remove obsolete init scripts reset-openvpn and openvpn-bridge
+
+* Wed Mar 18 2009 Daniel B. [2.0-19]
+- Do not add cipher directive in client configuration file if set to 'auto'
+
+* Wed Mar 11 2009 Daniel B. [2.0-18]
+- Compatibility with openvpn 2.1 (detect plugin dir location) [SME: 5060]
+
+* Mon Mar 09 2009 Daniel B. [2.0-17]
+- Add smeserver-bridge-interface as dependency
+- Update spec description
+
+* Tue Mar 03 2009 SME Translation Server [2.0-16]
+- apply locale 2009-03-03 patch
+
+* Tue Mar 03 2009 Jonathan Martens [2.0-15]
+- Fix some more errors in the en-us locale
+- Remove tabs from SPEC file as some editors act weird with them, e.g. nano
+
+* Tue Mar 03 2009 Jonathan Martens [2.0-14]
+- Fix some grammar errors in the en-us locale
+
+* Tue Mar 03 2009 Jonathan Martens [2.0-13]
+- Fix a typo in the en-us locale
+
+* Tue Mar 03 2009 Shad L. Lords [2.0-12]
+- Fix xml language tag to be correct
+
+* Tue Mar 03 2009 Shad L. Lords [2.0-11]
+- Remove duplicate translations that break pootle
+
+* Tue Mar 03 2009 Shad L. Lords [2.0-10]
+- Rename locale/en to locale/en-us to pootle works
+
+* Tue Mar 03 2009 Daniel B. [2.0-9]
+- Apply locale patch fr 1
+- Add e-smith-devtools as a build dependency
+
+* Thu Jan 29 2009 Daniel B. [2.0-8]
+- Fix an error with the creation of the db
+
+* Wed Jan 28 2009 Daniel B. [2.0-7]
+- Cleanly create openvpn-bridge db
+
+* Fri Jan 16 2009 Daniel B. [2.0-6]
+- Just warn if openvpn db is missing
+- Fix certificates check
+- Warn if bridge service isn't enabled
+- Configure the CRL update URL
+
+* Mon Jan 12 2009 Daniel B. [2.0-5]
+- localization patch
+
+* Mon Dec 22 2008 Daniel B. [2.0-4]
+- Add validate_common_name routine
+
+* Fri Dec 19 2008 Daniel B. [2.0-3]
+- Added option configRequired (accept only certificate listed in the rules section)
+- Clean config templates
+
+* Tue Dec 16 2008 Daniel B. [2.0-2]
+- Add missing pull directive in client config
+
+* Fri Dec 12 2008 Daniel B. [2.0-1]
+- Remove useless migrate fragment (now handled by the bridge package)
+
+* Thu Dec 04 2008 Daniel B. [2.0-0]
+- The bridge stuff is now in a separated rpm
+- Restarting the service doesn't cut the InternalInterface
+ as the bridge isn't restarted
+- Correct (truely this time) the bug with dhcpd looping
+- Panel re-writen in FormMagick (much more simple now)
+- Removed the certificate manager, now handled by phpki
+- Real-time clients info using Net::OpenVPN::Manage
+- Routes to local networks are pushed to clients
+
+* Tue Feb 06 2007 Daniel Berteaud
+- [1.1-1]
+- Bugs fixes (repported by Stephan Braunstein)
+- corrections in the en language
+
+* Tue Feb 06 2007 Daniel Berteaud
+- [1.1-0]
+- panel enhancement
+- little correction in the local file
+
+* Mon Dec 11 2006 Daniel Berteaud
+- [1.0-3]
+- correction of permissions on startup and shutdown scripts
+- little correction in the local file
+
+* Fri Dec 08 2006 Daniel Berteaud
+- [1.0-2]
+- Added missing directory keys/bridge
+
+* Wed Dec 06 2006 Daniel Berteaud
+- [1.0-1]
+- Removed useless parameters from the panel (tap, br and localInf)
+- Added a stop script (k20openvpn-bridge)
+- panel renamed to openvpn-bridge for futur compatibility
+
+%prep
+
+%setup -q -n %{name}-%{version}
+
+rm -rf root/usr/sbin/systemd/
+rm -rf root/var/service/
+
+%build
+perl createlinks
+
+%{__mkdir_p} root/etc/openvpn/bridge/ccd
+%{__mkdir_p} root/etc/openvpn/bridge/priv
+%{__mkdir_p} root/etc/openvpn/bridge/pub
+%{__mkdir_p} root/etc/openvpn/bridge/etc
+%{__mkdir_p} root/etc/openvpn/bridge/tmp
+%{__mkdir_p} root/etc/openvpn/bridge/dev
+%{__mkdir_p} root/var/log/openvpn-bridge
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ --dir /var/log/openvpn-bridge 'attr(0750,root,root)' \
+ --dir /etc/openvpn/bridge/pub 'attr(0755,root,root)' \
+ --dir /etc/openvpn/bridge/priv 'attr(0750,root,root)' \
+ --dir /etc/openvpn/bridge/ccd 'attr(0755,root,root)' \
+ --dir /etc/openvpn/bridge/etc 'attr(0755,root,root)' \
+ --dir /etc/openvpn/bridge/tmp 'attr(0770,root,nobody)' \
+ --file /usr/bin/ovpn-bridge-update-crl 'attr(0750,root,root)' \
+ > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+if [ \! -c /etc/openvpn/bridge/dev/urandom ]; then
+ mknod -m 0444 /etc/openvpn/bridge/dev/urandom c 1 9
+fi
+
+%preun
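Review bot: The `priv` directory is packaged as `attr(0750,root,root)` in the genfilelist call under `%install`, but `write_pem` in the panel module of this same commit resets it with `chmod 0700, "$privdir";` after saving the keys (assuming `$privdir` is this directory; its definition is outside the visible lines). An install or upgrade would then widen the mode again, and `rpm -V` would report a mismatch once the panel has run. Packaging the tighter mode keeps both in agreement: `--dir /etc/openvpn/bridge/priv 'attr(0700,root,root)' \`. Separately, `/etc/openvpn/bridge/tmp` is group-writable by `nobody` (`attr(0770,root,nobody)`), which is a shared account. If the daemon drops privileges to `nobody` (not visible here), a dedicated service user and group would stop unrelated processes running under `nobody` from writing into that directory.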