From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bW03L04SPz33gn for ; Mon, 30 Jun 2025 08:40:14 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bW03G32jDz2yn7 for ; Mon, 30 Jun 2025 08:40:10 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bW03F1HSgzSr; Mon, 30 Jun 2025 08:40:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751272809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0YklFaM+T4fmc8voEEBLKHcbotAI9RqBg4HFlrpceLI=; b=xoxLf3wNo6jBIwsLXW3PasXwqRn6A2LKOGJrQwg18+o7968JJdjzalFoEZ2qp0ZV1MsiDm 9vTsEjppUK+p8vDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751272809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0YklFaM+T4fmc8voEEBLKHcbotAI9RqBg4HFlrpceLI=; b=vxxDdiaUVzYi1iPWiBP9LSeqTo5dZlujQdlskirZ4bm8EphJRJ+D8Tl5GnTiL5OidXmPBu zACxTwcH4YKnDEuWyHQgbIkNtujhdGEcL2J1Yt7RC1+Jzs9xVNHOHTbBw2vOoZctc468ph LIRTjwtlro00OI8FX8kDLS7Sbx9NEPV9tLIxsRoq6WKBLV9G89iiJRtpzpudwxDIHOscA6 TElKXR36/1JHVsSyF5JvaX91y3afd3UQdg1Q7c2KfBD/azydAaKXbfnuzDL2jw6sgv0tQD yww5PLLizgH8/LSfcJkj3Igxl4GIpAjf8PCmtCGPWpBUtj10I8NgwnEAXJfA5g== Content-Type: text/plain; charset=us-ascii Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: Feedback on the branch openvpn-rebase From: Michael Tremer In-Reply-To: Date: Mon, 30 Jun 2025 09:40:08 +0100 Cc: "IPFire: Development-List" Content-Transfer-Encoding: quoted-printable Message-Id: <1396727E-BF73-4015-B853-B3F854806B28@ipfire.org> References: To: Adolf Belka Hello Adolf, Thank you very much for looking into this for me. > On 29 Jun 2025, at 11:51, Adolf Belka wrote: >=20 > Hi All, >=20 > Tested out the latest openvpn-rebase branch from @ms using the link to = the iso that he provided from the latest fixes. >=20 > The disable and enable checkbox now works. If you enable the checkbox = and save then the box is enabled and if you then disable and save it the = checkbox now is disabled so that previous issue is fixed. That is a good start. > Unfortunately the start and stop issue is still present. This is less good. I am sure that I tested that the sever gets properly = started, restarted and stopped. I can look into this again. Hopefully = this should not stop us from conducting any further testing. > When I start the system running with the openvpn server running and = then I disable the server then it shows the server as stopped. >=20 > If I then enable the server and save then the checkbox is enabled but = the server stays stopped. >=20 > On the command line the status shows >=20 > /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists. >=20 > So the server stopped but the pid was not removed. >=20 > If I boot the system and the server was checked as enabled then = everything starts properly. >=20 > The boot screen shows >=20 > Starting OpenVPN Roadwarrior Server... OK > Starting OpenVPN Authenticator... OK > Starting OpenVPN N2N connection 'ipfirenet2net'... OK >=20 > then if I straight away reboot the shutdown screen shows >=20 >=20 > Stopping OpenVPN Authenticator... Not running WARN > Stopping OpenVPN Roadwarrior Server... FAIL > Stopping OpenVPN N2N connection 'ipfirenet2net'... OK Okay, this is interesting. The authenticator cannot run without the RW = service being active. So this does not concern me at this point. The RW server should however be running if it is enabled. Is there = anything in the logs that explains why it crashed? > The N2N connection starts and stops correctly and the pid is removed. >=20 > I believe that this might be due to the variable PIDFILE being used = for both the authenticator and the rw daemons and when the openvpn-rw = daemon is being shutdown it has the authenticator pid in the PIDFILE = variable and not the openvpn-rw.pid file name. Yes, I had to play around a lot with this. The initscripts are designed = to deal with only one service and I hacked my way around it. > I have tried various ways to change this in the openvpn-rw initscript = but I ended up fixing it for one thing but then creating a problem for = another one. Basically I think because I don't understand how the whole = initscript and pid process is running in IPFire. Neither do I :) It is all very broken there and so there won't be a very = clean and obvious way ahead. I will look into it. Any other findings so far? -Michael >=20 > Regards, > Adolf. >=20