From e068851a66eec3e7e67385bf1f8c51778e96289e Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <holger@moiji-mobile.com>
Date: Thu, 25 Dec 2014 09:53:59 +0100
Subject: [PATCH 1/2] openvpn: Move to OpenVPN v2.3.6 and systemd service files

Systems that had OpenVPN enabled by default will be migrated
(at least that is the aim).
---
 recipes-extra/openvpn/openvpn_2.1.3.bb | 28 --------------------------
 recipes-extra/openvpn/openvpn_2.3.6.bb |  3 ---
 2 files changed, 31 deletions(-)
 delete mode 100644 recipes-extra/openvpn/openvpn_2.1.3.bb

diff --git a/recipes-extra/openvpn/openvpn_2.1.3.bb b/recipes-extra/openvpn/openvpn_2.1.3.bb
deleted file mode 100644
index fd481f6b1b..0000000000
--- a/recipes-extra/openvpn/openvpn_2.1.3.bb
+++ /dev/null
@@ -1,28 +0,0 @@
-DESCRIPTION = "A full-featured SSL VPN solution via tun device."
-HOMEPAGE = "http://openvpn.sourceforge.net"
-SECTION = "console/network"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
-DEPENDS = "lzo openssl"
-RRECOMMENDS_${PN} = "kernel-module-tun"
-
-PR = "r1"
-
-inherit autotools
-
-SRC_URI = "http://openvpn.net/release/openvpn-${PV}.tar.gz \
-           file://openvpn"
-
-CFLAGS += "-fno-inline"
-
-# I want openvpn to be able to read password from file (hrw)
-EXTRA_OECONF += "--enable-password-save"
-
-do_install_append() {
-        install -d ${D}/${sysconfdir}/init.d
-        install -d ${D}/${sysconfdir}/openvpn
-        install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
-}
-
-SRC_URI[md5sum] = "7486d3e270ba4b033e311d3e022a0ad7"
-SRC_URI[sha257sum] = "5185181df2e6043bd667377bc92e36ea5a5bd7600af209654f109b6403ca5b36"
diff --git a/recipes-extra/openvpn/openvpn_2.3.6.bb b/recipes-extra/openvpn/openvpn_2.3.6.bb
index ed3376dc01..844b369457 100644
--- a/recipes-extra/openvpn/openvpn_2.3.6.bb
+++ b/recipes-extra/openvpn/openvpn_2.3.6.bb
@@ -61,6 +61,3 @@ pkg_postinst_${PN} () {
         fi
     fi
 }
-
-# We need to test opkg upgrade of OpenVPN through the OpenVPN first
-DEFAULT_PREFERENCE = "-1"

From aef7cf84616a6f6c8d959d89d59b41a505627a75 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <holger@moiji-mobile.com>
Date: Thu, 25 Dec 2014 09:59:50 +0100
Subject: [PATCH 2/2] openvpn: Force the server to have a server certificate

This addresses the following warning of OpenVPN:

WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
---
 .../sysmocom-openvpn-config/sysmocom-vpn.conf                   | 1 +
 .../sysmocom-openvpn-config/sysmocom-openvpn-config_1.bb        | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config/sysmocom-vpn.conf b/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config/sysmocom-vpn.conf
index aabbc7fb0a..145f8b17b3 100644
--- a/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config/sysmocom-vpn.conf
+++ b/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config/sysmocom-vpn.conf
@@ -1,6 +1,7 @@
 #OpenVPN client conf
 tls-client
 client
+ns-cert-type server
 dev tun
 proto udp
 tun-mtu 1500
diff --git a/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config_1.bb b/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config_1.bb
index 3673b68b49..e1518e6ba9 100644
--- a/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config_1.bb
+++ b/recipes-config/sysmocom-openvpn-config/sysmocom-openvpn-config_1.bb
@@ -5,7 +5,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
 SRC_URI = "file://sysmocom-vpn.conf"
-PR = "r3"
+PR = "r4"
 
 CONFFILES_${PN} = "${sysconfdir}/openvpn/sysmocom-vpn.conf"
 PACKAGE_ARCH = "all"