Re: Feedback on the branch openvpn-rebase

[Michael Tremer <michael.tremer@ipfire.org>]

Hello Adolf,

Thank you very much for looking into this for me.

> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi All,
> 
> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
> 
> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.

That is a good start.

> Unfortunately the start and stop issue is still present.

This is less good. I am sure that I tested that the sever gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.

> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
> 
> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
> 
> On the command line the status shows
> 
> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
> 
> So the server stopped but the pid was not removed.
> 
> If I boot the system and the server was checked as enabled then everything starts properly.
> 
> The boot screen shows
> 
> Starting OpenVPN Roadwarrior Server... OK
> Starting OpenVPN Authenticator... OK
> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
> 
> then if I straight away reboot the shutdown screen shows
> 
> 
> Stopping OpenVPN Authenticator... Not running WARN
> Stopping OpenVPN Roadwarrior Server... FAIL
> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK

Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.

The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?

> The N2N connection starts and stops correctly and the pid is removed.
> 
> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.

Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.

> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.

Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.

I will look into it.

Any other findings so far?

-Michael

> 
> Regards,
> Adolf.
>