From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Testing of openvpn-2.6-meetup branch
Date: Sat, 07 Dec 2024 15:23:54 +0100
Message-ID: <2cc3f4f9-0bee-4f21-839a-d819b467b779@ipfire.org>
In-Reply-To: <0116a4a1-0e7d-4bb8-a75a-9abbfd8088ca@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2172443829330279764=="
List-Id: <development.lists.ipfire.org>

--===============2172443829330279764==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,

On 07/12/2024 15:11, Adolf Belka wrote:
> Hi Michael,
>
> On 06/12/2024 21:11, Michael Tremer wrote:
>> Hello Adolf,
>>
>> Thanks for testing this and finally getting some traction back into this p=
roject=E2=80=A6
>>
>> It is very important, but it has been painful work, which is why I am putt=
ing this slightly more towards the end of my TODO list than I should.
>>
>> There is however not *that* much to do to get this finally over the line. =
I believe that the RW stuff is mostly done. It will need a lot of bug fixing,=
 but it should generally be complete.
>>
>> There is still the net-to-net stuff which I haven=E2=80=99t touched becaus=
e the code is more than difficult to read and handle.
>>
>> =E2=80=94=E2=80=94
>>
>> The Perl module problem is probably something the OpenVPN branch inherited=
 from the then current next branch, but those problems have already been fixe=
d. I also believe that some of the issues with starting the process have been=
 fixed and should be in next. I think a lot of the problems with the OpenVPN =
branch is that so many changes came out of it on the side that I started to g=
et them merged into mainline before the branch grows even larger. Sometimes, =
I think, we lost the fixes from the actual OpenVPN branch.
>>
>> Therefore I have rebased the branch against next. That means that you will=
 have to build it all again, but on the plus side, you will have all the bugs=
 that next has, and maybe more from the OpenVPN branch. Hopefully some things=
 would have resolved themselves.
>>
>> The branch is here:
>>
>> https://git.ipfire.org/?p=3Dpeople/ms/ipfire-2.x.git;a=3Dshortlog;h=3Drefs=
/heads/openvpn-2.6-meetup-rebased
>>
>> I did not build it myself, yet - the build is still running. It could be t=
hat I broke even more stuff, but I would be interested to know if I did so, t=
hat we finally can get this all ready for some sunny days.
>
> I have built it and installed it. The perl module issues have been resolved=
. However the OpenVPN Server status and the client Invalid input are both sti=
ll the same as before. So not fixed or even obviously changed from before the=
 rebase.
>
I have figured out what the problem was for the status of the OpenVPN server =
on the wui page.

You changed the process name to openvpn-rw but in the ovpnmain.cgi at line 50=
66-5067 it still specifies the process name as openvpn and the pid file name =
as openvpn.pid.

I changed the process name to openvpn-rw and the pid name to openvpn-rw.pid a=
nd the status is now working.

So that part has been resolved.

Just the client invalid input now.

Regards,

Adolf.

>>
>> Please send me your patch with the updated version of OpenVPN so that I ca=
n merge it into this branch and we are all testing with the latest version.
>
> I will send it later today.
>
>>
>> Let=E2=80=99s get this build started and then we will look what is causing=
 the invalid input problems=E2=80=A6
>
> The message invalid input is used three times in the ovpnmain.cgi file but =
I can't figure out from those what the message would be caused by.
>
> Regards,
> Adolf.
>
>>
>> -Michael
>>
>>> On 6 Dec 2024, at 18:13, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>
>>> Hi Michael,
>>>
>>> I did a fresh new clone of the openvpn-2.6-meetup branch and built it wit=
h only uncommenting the Compress/Raw/Zlib.pm
>>>
>>> I then installed it onto a vm and tested it out. The same issues are pres=
ent as before so it is not a problem of the repo clone that I had.
>>>
>>> Basically the OpenVPN RW server can be started and using the openvpnctrl =
program the status says it is running and shows the pid but the WUI still say=
s that it is Stopped.
>>>
>>> Also any client connection creation shows up with Invalid input, even wit=
h client connections that work with CU189.
>>>
>>> Regards,
>>>
>>> Adolf.
>>>
>>> On 06/12/2024 12:59, Adolf Belka wrote:
>>>> Hi Michael,
>>>>
>>>> So I did a pull of the openvpn-2.6-meetup branch from your repo. I notic=
ed that it was using OpenVPN-2.6.9 and 2.6.12 is available now so I updated t=
he openvpn to 2.6.12 and did a build.
>>>>
>>>> Then I installed the created iso and the OpenVPN WUI page came up with a=
n Internal Server Error.
>>>>
>>>> The logs indicated that it couldn't find the Compress::Raw::Zlib perl mo=
dule.
>>>>
>>>> That was one of the separate perl modules removed from the system becaus=
e they were now in the core.
>>>>
>>>> I checked the perl rootfile on the openvpn-2.6.meetup branch and it had =
the
>>>>
>>>> usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib.=
pm line commented out.
>>>>
>>>> So I uncommented that line in the rootfile and rebuilt the branch and no=
w the OpenVPN WUI page was shown okay.
>>>>
>>>> However when I tried to create a client connection I kept getting an "Oo=
ps something went wrong Invalid input" message but it didn't say what was inv=
alid.
>>>>
>>>> I then restored a backup with my existing OpenVPN root/host and client s=
ettings and using the pencil icon to go into edit mode for one of the known w=
orking client connections when I just pressed the Save button without changin=
g anything it again gave me the Invalid input message.
>>>>
>>>> The other issue I found was that the OpenVPN Server page was constantly =
showing Stopped.
>>>>
>>>> At this point I did a rebuild of the openvpn-2.6-meetup branch with the =
previous 2.6.9 OpenVPN but the same as above occurred, again with a fresh cli=
ent connection creation or with the restored known working client connections.
>>>>
>>>> I then tried to start the openvpn from the command line to see what mess=
ages it cam up with.
>>>>
>>>> I tried first of all using the restart command and got
>>>>
>>>> /usr/local/bin/openvpnctrl rw restart
>>>> Stopping OpenVPN Authenticator...=C2=A0=C2=A0=C2=A0 Not running.=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ WARN ]
>>>> Stopping OpenVPN Roadwarrior Server...=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 [ FAIL ]
>>>> Starting OpenVPN Roadwarrior Server...
>>>> Unable to continue: /var/run/openvpn-rw.pid exists=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ WARN ]
>>>> Starting OpenVPN Authenticator... [=C2=A0 OK=C2=A0 ]
>>>>
>>>> so I checked and the openvpn-rw.pid file was present. So I then removed =
that file and ran the status command
>>>>
>>>> /usr/local/bin/openvpnctrl rw status
>>>> /usr/sbin/openvpn is not running.
>>>>
>>>> Then I ran the start command
>>>>
>>>> /usr/local/bin/openvpnctrl rw start
>>>> Starting OpenVPN Roadwarrior Server...=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 [ OK=C2=A0 ]
>>>> Starting OpenVPN Authenticator... [=C2=A0 OK=C2=A0 ]
>>>>
>>>> So tried the status command again
>>>>
>>>> /usr/local/bin/openvpnctrl rw status
>>>> openvpn is running with Process ID(s)=C2=A0 6883.
>>>>
>>>> So good the server is running but when I looked at the OpenVPN WUI page =
it still showed Stopped, also on the Services page.
>>>>
>>>> I then pressed the Save button on the OpenVPN WUI=C2=A0 main page and th=
en checked the status again and got
>>>>
>>>> /usr/local/bin/openvpnctrl rw status
>>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>>>>
>>>> So doing the save caused the server to stop but leave the pid in place.
>>>>
>>>>
>>>> So I am not sure what has changed between our meetup and what I am build=
ing now. As far as I can tell from the branch in the repo, nothing has change=
d since 23rd Sept.
>>>>
>>>> Maybe how I have done the pull of the repo is incorrect in some way and =
I am ending up in some mixed up situation but as it stands I definitely canno=
t test anything.
>>>>
>>>> I will try creating a complete new copy of that branch on my system to s=
ee if anything gets better but I am also open to any suggestions of what I mi=
ght have done wrong.
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Adolf
>>>>
>>
>

--===============2172443829330279764==--