Feedback on the branch openvpn-rebase

Feedback on the branch openvpn-rebase

[Adolf Belka]

Hi All,

Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.

The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.


Unfortunately the start and stop issue is still present.

When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.

If I then enable the server and save then the checkbox is enabled but the server stays stopped.

On the command line the status shows

/usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.

So the server stopped but the pid was not removed.

If I boot the system and the server was checked as enabled then everything starts properly.

The boot screen shows

Starting OpenVPN Roadwarrior Server...			OK
Starting OpenVPN Authenticator...			OK
Starting OpenVPN N2N connection 'ipfirenet2net'...	OK

then if I straight away reboot the shutdown screen shows


Stopping OpenVPN Authenticator...	Not running	WARN
Stopping OpenVPN Roadwarrior Server...			FAIL
Stopping OpenVPN N2N connection 'ipfirenet2net'...	OK


The N2N connection starts and stops correctly and the pid is removed.

I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.

I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.

Regards,
Adolf.

Re: Feedback on the branch openvpn-rebase

[Adolf Belka]

Hi All,

Have found out why the openvpn-authenticator shows up as not running when being stopped. In the initscript stop section there is

openvon-authenticator

instead of

openvpn-authenticator

Regards,
Adolf


On 29/06/2025 12:51, Adolf Belka wrote:
> Hi All,
> 
> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
> 
> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
> 
> 
> Unfortunately the start and stop issue is still present.
> 
> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
> 
> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
> 
> On the command line the status shows
> 
> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
> 
> So the server stopped but the pid was not removed.
> 
> If I boot the system and the server was checked as enabled then everything starts properly.
> 
> The boot screen shows
> 
> Starting OpenVPN Roadwarrior Server...            OK
> Starting OpenVPN Authenticator...            OK
> Starting OpenVPN N2N connection 'ipfirenet2net'...    OK
> 
> then if I straight away reboot the shutdown screen shows
> 
> 
> Stopping OpenVPN Authenticator...    Not running    WARN
> Stopping OpenVPN Roadwarrior Server...            FAIL
> Stopping OpenVPN N2N connection 'ipfirenet2net'...    OK
> 
> 
> The N2N connection starts and stops correctly and the pid is removed.
> 
> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
> 
> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
> 
> Regards,
> Adolf.

Re: Feedback on the branch openvpn-rebase

[Michael Tremer]

Hello Adolf,

Thank you very much for looking into this for me.

> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi All,
> 
> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
> 
> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.

That is a good start.

> Unfortunately the start and stop issue is still present.

This is less good. I am sure that I tested that the sever gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.

> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
> 
> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
> 
> On the command line the status shows
> 
> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
> 
> So the server stopped but the pid was not removed.
> 
> If I boot the system and the server was checked as enabled then everything starts properly.
> 
> The boot screen shows
> 
> Starting OpenVPN Roadwarrior Server... OK
> Starting OpenVPN Authenticator... OK
> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
> 
> then if I straight away reboot the shutdown screen shows
> 
> 
> Stopping OpenVPN Authenticator... Not running WARN
> Stopping OpenVPN Roadwarrior Server... FAIL
> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK

Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.

The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?

> The N2N connection starts and stops correctly and the pid is removed.
> 
> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.

Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.

> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.

Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.

I will look into it.

Any other findings so far?

-Michael

> 
> Regards,
> Adolf.
> 

Re: Feedback on the branch openvpn-rebase

[Michael Tremer]

Hello Adolf,

The initscript works absolutely fine for me:

[root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
/usr/sbin/openvpn is not running.
[root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start
Starting OpenVPN Roadwarrior Server...                                                                                                                                             [  OK  ]
Starting OpenVPN Authenticator...                                                                                                                                                  [  OK  ]
[root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
openvpn is running with Process ID(s)  27406.
[root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn
nobody   27406  0.0  0.1  12052  7624 ?        Ss   10:45   0:00 /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf
root     27446  0.0  0.2  16580 10740 ?        S    10:45   0:00 /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon
root     27455  0.0  0.0   6660  2612 pts/1    S+   10:45   0:00 grep openvpn
[root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
-rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
-rw-r--r-- 1 root   root     6 Jun 30 10:45 /var/run/openvpn-rw.pid
srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock

/var/run/openvpn:
total 0
[root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop
Stopping OpenVPN Authenticator...                                                                                                                                                  [  OK  ]
Stopping OpenVPN Roadwarrior Server...                                                                                                                                             [  OK  ]
[root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
-rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock

/var/run/openvpn:
total 0
[root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
/usr/sbin/openvpn is not running.

Can you confirm this on your system? Might the problem simply be that your OpenVPN RW server crashes and then the PID file does not get cleaned up properly?

-Michael

> On 30 Jun 2025, at 09:40, Michael Tremer <michael.tremer@ipfire.org> wrote:
> 
> Hello Adolf,
> 
> Thank you very much for looking into this for me.
> 
>> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
>> 
>> Hi All,
>> 
>> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
>> 
>> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
> 
> That is a good start.
> 
>> Unfortunately the start and stop issue is still present.
> 
> This is less good. I am sure that I tested that the sever gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.
> 
>> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
>> 
>> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
>> 
>> On the command line the status shows
>> 
>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>> 
>> So the server stopped but the pid was not removed.
>> 
>> If I boot the system and the server was checked as enabled then everything starts properly.
>> 
>> The boot screen shows
>> 
>> Starting OpenVPN Roadwarrior Server... OK
>> Starting OpenVPN Authenticator... OK
>> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
>> 
>> then if I straight away reboot the shutdown screen shows
>> 
>> 
>> Stopping OpenVPN Authenticator... Not running WARN
>> Stopping OpenVPN Roadwarrior Server... FAIL
>> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK
> 
> Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.
> 
> The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?
> 
>> The N2N connection starts and stops correctly and the pid is removed.
>> 
>> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
> 
> Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.
> 
>> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
> 
> Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.
> 
> I will look into it.
> 
> Any other findings so far?
> 
> -Michael
> 
>> 
>> Regards,
>> Adolf.

Re: Feedback on the branch openvpn-rebase

[Michael Tremer]

Very good find. Thank you!

  https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=fa5a2a9f7c9bd63d1192c7ddef623021bc9d3620

-Michael

> On 29 Jun 2025, at 12:35, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi All,
> 
> Have found out why the openvpn-authenticator shows up as not running when being stopped. In the initscript stop section there is
> 
> openvon-authenticator
> 
> instead of
> 
> openvpn-authenticator
> 
> Regards,
> Adolf
> 
> 
> On 29/06/2025 12:51, Adolf Belka wrote:
>> Hi All,
>> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
>> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
>> Unfortunately the start and stop issue is still present.
>> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
>> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
>> On the command line the status shows
>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>> So the server stopped but the pid was not removed.
>> If I boot the system and the server was checked as enabled then everything starts properly.
>> The boot screen shows
>> Starting OpenVPN Roadwarrior Server...            OK
>> Starting OpenVPN Authenticator...            OK
>> Starting OpenVPN N2N connection 'ipfirenet2net'...    OK
>> then if I straight away reboot the shutdown screen shows
>> Stopping OpenVPN Authenticator...    Not running    WARN
>> Stopping OpenVPN Roadwarrior Server...            FAIL
>> Stopping OpenVPN N2N connection 'ipfirenet2net'...    OK
>> The N2N connection starts and stops correctly and the pid is removed.
>> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
>> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
>> Regards,
>> Adolf.
> 
> 

Re: Feedback on the branch openvpn-rebase

[Adolf Belka]

Hi Michael,

On 30/06/2025 10:46, Michael Tremer wrote:
> Hello Adolf,
> 
> The initscript works absolutely fine for me:

Interesting.

> 
> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
> /usr/sbin/openvpn is not running.
> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start
> Starting OpenVPN Roadwarrior Server...                                                                                                                                             [  OK  ]
> Starting OpenVPN Authenticator...                                                                                                                                                  [  OK  ]
> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
> openvpn is running with Process ID(s)  27406.
> [root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn
> nobody   27406  0.0  0.1  12052  7624 ?        Ss   10:45   0:00 /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf
> root     27446  0.0  0.2  16580 10740 ?        S    10:45   0:00 /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon
> root     27455  0.0  0.0   6660  2612 pts/1    S+   10:45   0:00 grep openvpn
> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
> -rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
> -rw-r--r-- 1 root   root     6 Jun 30 10:45 /var/run/openvpn-rw.pid
> srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock
> 
> /var/run/openvpn:
> total 0
> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop
> Stopping OpenVPN Authenticator...                                                                                                                                                  [  OK  ]
> Stopping OpenVPN Roadwarrior Server...                                                                                                                                             [  OK  ]
> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
> -rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
> srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock
> 
> /var/run/openvpn:
> total 0
> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
> /usr/sbin/openvpn is not running.
> 
> Can you confirm this on your system? Might the problem simply be that your OpenVPN RW server crashes and then the PID file does not get cleaned up properly?

I already confirmed that because when it wouldn't start in the WUI again, I used the manual commands. The only difference I see in the commands is that I used /etc/rc.d/init.d/openvpn-rw

My testing was also done on an install from the iso that you provided the link to.

One thing I noticed is that your /var/run/openvpn/ directory is empty, so presumably no net 2 net config. I do have that, so I just disabled the n2n connection (not deleted) and now my stop command is working correctly.

I then enabled the n2n connection again and the RW server can still be successfully enabled/started and disabled/stopped and enabled/started again.

So whatever the problem is it was only present after I had restored IPFire so that I got the rw and n2n connections.

However now, the n2n connection no longer shows DISCONNECTED in a red background but an empty space and now the n2n connection is no longer showing up in my ps aux | grep openvpn listing, whereas before it did.

I will try doing a fresh install again and test out with a fresh config of the rw alone and then after that do a restore of my rw/n2n connections and see what happens then.

Regards,

Adolf.


> 
> -Michael
> 
>> On 30 Jun 2025, at 09:40, Michael Tremer <michael.tremer@ipfire.org> wrote:
>>
>> Hello Adolf,
>>
>> Thank you very much for looking into this for me.
>>
>>> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>
>>> Hi All,
>>>
>>> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
>>>
>>> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
>>
>> That is a good start.
>>
>>> Unfortunately the start and stop issue is still present.
>>
>> This is less good. I am sure that I tested that the sever gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.
>>
>>> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
>>>
>>> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
>>>
>>> On the command line the status shows
>>>
>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>>>
>>> So the server stopped but the pid was not removed.
>>>
>>> If I boot the system and the server was checked as enabled then everything starts properly.
>>>
>>> The boot screen shows
>>>
>>> Starting OpenVPN Roadwarrior Server... OK
>>> Starting OpenVPN Authenticator... OK
>>> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
>>>
>>> then if I straight away reboot the shutdown screen shows
>>>
>>>
>>> Stopping OpenVPN Authenticator... Not running WARN
>>> Stopping OpenVPN Roadwarrior Server... FAIL
>>> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK
>>
>> Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.
>>
>> The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?
>>
>>> The N2N connection starts and stops correctly and the pid is removed.
>>>
>>> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
>>
>> Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.
>>
>>> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
>>
>> Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.
>>
>> I will look into it.
>>
>> Any other findings so far?
>>
>> -Michael
>>
>>>
>>> Regards,
>>> Adolf.
> 
> 
> 

Re: Feedback on the branch openvpn-rebase

[Michael Tremer]

Hello,

> On 30 Jun 2025, at 10:55, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi Michael,
> 
> On 30/06/2025 10:46, Michael Tremer wrote:
>> Hello Adolf,
>> The initscript works absolutely fine for me:
> 
> Interesting.
> 
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> /usr/sbin/openvpn is not running.
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start
>> Starting OpenVPN Roadwarrior Server...                                                                                       [  OK  ]
>> Starting OpenVPN Authenticator...                                                                                            [  OK  ]
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> openvpn is running with Process ID(s)  27406.
>> [root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn
>> nobody   27406  0.0  0.1  12052  7624 ?        Ss   10:45   0:00 /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf
>> root     27446  0.0  0.2  16580 10740 ?        S    10:45   0:00 /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon
>> root     27455  0.0  0.0   6660  2612 pts/1    S+   10:45   0:00 grep openvpn
>> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
>> -rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
>> -rw-r--r-- 1 root   root     6 Jun 30 10:45 /var/run/openvpn-rw.pid
>> srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock
>> /var/run/openvpn:
>> total 0
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop
>> Stopping OpenVPN Authenticator...                                                                                            [  OK  ]
>> Stopping OpenVPN Roadwarrior Server...                                                                                       [  OK  ]
>> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
>> -rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
>> srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock
>> /var/run/openvpn:
>> total 0
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> /usr/sbin/openvpn is not running.
>> Can you confirm this on your system? Might the problem simply be that your OpenVPN RW server crashes and then the PID file does not get cleaned up properly?
> 
> I already confirmed that because when it wouldn't start in the WUI again, I used the manual commands. The only difference I see in the commands is that I used /etc/rc.d/init.d/openvpn-rw
> 
> My testing was also done on an install from the iso that you provided the link to.

Yes, I am also on the same image.

There is now one initscript for the road warrior service and one for the n2n services.

> One thing I noticed is that your /var/run/openvpn/ directory is empty, so presumably no net 2 net config. I do have that, so I just disabled the n2n connection (not deleted) and now my stop command is working correctly.

I don’t have any N2N connections on this test system. It should not make a difference at all, but I cannot say that I tested this all a lot.

> I then enabled the n2n connection again and the RW server can still be successfully enabled/started and disabled/stopped and enabled/started again.
> 
> So whatever the problem is it was only present after I had restored IPFire so that I got the rw and n2n connections.

Hmm, this is why we are testing his. A lot of code has changed. I just don’t know what do to with this issue now.

> However now, the n2n connection no longer shows DISCONNECTED in a red background but an empty space and now the n2n connection is no longer showing up in my ps aux | grep openvpn listing, whereas before it did.
> 
> I will try doing a fresh install again and test out with a fresh config of the rw alone and then after that do a restore of my rw/n2n connections and see what happens then.

Yes, this sounds sensible. I have only ever tested a fresh installation and never restored any existing configuration. There might be bugs here.

-Michael

> 
> Regards,
> 
> Adolf.
> 
> 
>> -Michael
>>> On 30 Jun 2025, at 09:40, Michael Tremer <michael.tremer@ipfire.org> wrote:
>>> 
>>> Hello Adolf,
>>> 
>>> Thank you very much for looking into this for me.
>>> 
>>>> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>> 
>>>> Hi All,
>>>> 
>>>> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
>>>> 
>>>> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
>>> 
>>> That is a good start.
>>> 
>>>> Unfortunately the start and stop issue is still present.
>>> 
>>> This is less good. I am sure that I tested that the sever gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.
>>> 
>>>> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
>>>> 
>>>> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
>>>> 
>>>> On the command line the status shows
>>>> 
>>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>>>> 
>>>> So the server stopped but the pid was not removed.
>>>> 
>>>> If I boot the system and the server was checked as enabled then everything starts properly.
>>>> 
>>>> The boot screen shows
>>>> 
>>>> Starting OpenVPN Roadwarrior Server... OK
>>>> Starting OpenVPN Authenticator... OK
>>>> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
>>>> 
>>>> then if I straight away reboot the shutdown screen shows
>>>> 
>>>> 
>>>> Stopping OpenVPN Authenticator... Not running WARN
>>>> Stopping OpenVPN Roadwarrior Server... FAIL
>>>> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK
>>> 
>>> Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.
>>> 
>>> The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?
>>> 
>>>> The N2N connection starts and stops correctly and the pid is removed.
>>>> 
>>>> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
>>> 
>>> Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.
>>> 
>>>> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
>>> 
>>> Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.
>>> 
>>> I will look into it.
>>> 
>>> Any other findings so far?
>>> 
>>> -Michael
>>> 
>>>> 
>>>> Regards,
>>>> Adolf.

Re: Feedback on the branch openvpn-rebase

[Adolf Belka]

Hi Michael,

Before doing a fresh install I had a closer look and found that the n2n config was no longer showing the status because it was not running and wouldn't start due to the old pid still being present.

So what I have found is that if you have no openvpn server running and start the rw server you can start and stop it with no problems and it removes the openvpn-rw.pid.

If you only enable the n2n connection then the n2n connection is started abnd can be stopped and started again with no problems and it removes the ${name}n2n.pid file.

However if you start both the rw server and enable a n2n connection, they both start okay but now if you stop the rw server it stops openvpn but leaves the openvpn-rw.pid in place. If instead you disable the n2n connection, this stops that service running but it fails to remove the ${name}n2n.pid file.

So the rw server and the n2n connection services have some interaction around identifying the correct pid file.

Regards,
Adolf.

On 30/06/2025 11:55, Adolf Belka wrote:
> Hi Michael,
> 
> On 30/06/2025 10:46, Michael Tremer wrote:
>> Hello Adolf,
>>
>> The initscript works absolutely fine for me:
> 
> Interesting.
> 
>>
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> /usr/sbin/openvpn is not running.
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start
>> Starting OpenVPN Roadwarrior Server...                                                                                                                                             [  OK  ]
>> Starting OpenVPN Authenticator...                                                                                                                                                  [  OK  ]
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> openvpn is running with Process ID(s)  27406.
>> [root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn
>> nobody   27406  0.0  0.1  12052  7624 ?        Ss   10:45   0:00 /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf
>> root     27446  0.0  0.2  16580 10740 ?        S    10:45   0:00 /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon
>> root     27455  0.0  0.0   6660  2612 pts/1    S+   10:45   0:00 grep openvpn
>> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
>> -rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
>> -rw-r--r-- 1 root   root     6 Jun 30 10:45 /var/run/openvpn-rw.pid
>> srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock
>>
>> /var/run/openvpn:
>> total 0
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop
>> Stopping OpenVPN Authenticator...                                                                                                                                                  [  OK  ]
>> Stopping OpenVPN Roadwarrior Server...                                                                                                                                             [  OK  ]
>> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
>> -rw------- 1 root   root   227 Jun 30 10:45 /var/run/openvpn-rw.log
>> srwxrwxrwx 1 root   root     0 Jun 30 10:45 /var/run/openvpn.sock
>>
>> /var/run/openvpn:
>> total 0
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> /usr/sbin/openvpn is not running.
>>
>> Can you confirm this on your system? Might the problem simply be that your OpenVPN RW server crashes and then the PID file does not get cleaned up properly?
> 
> I already confirmed that because when it wouldn't start in the WUI again, I used the manual commands. The only difference I see in the commands is that I used /etc/rc.d/init.d/openvpn-rw
> 
> My testing was also done on an install from the iso that you provided the link to.
> 
> One thing I noticed is that your /var/run/openvpn/ directory is empty, so presumably no net 2 net config. I do have that, so I just disabled the n2n connection (not deleted) and now my stop command is working correctly.
> 
> I then enabled the n2n connection again and the RW server can still be successfully enabled/started and disabled/stopped and enabled/started again.
> 
> So whatever the problem is it was only present after I had restored IPFire so that I got the rw and n2n connections.
> 
> However now, the n2n connection no longer shows DISCONNECTED in a red background but an empty space and now the n2n connection is no longer showing up in my ps aux | grep openvpn listing, whereas before it did.
> 
> I will try doing a fresh install again and test out with a fresh config of the rw alone and then after that do a restore of my rw/n2n connections and see what happens then.
> 
> Regards,
> 
> Adolf.
> 
> 
>>
>> -Michael
>>
>>> On 30 Jun 2025, at 09:40, Michael Tremer <michael.tremer@ipfire.org> wrote:
>>>
>>> Hello Adolf,
>>>
>>> Thank you very much for looking into this for me.
>>>
>>>> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>>
>>>> Hi All,
>>>>
>>>> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
>>>>
>>>> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
>>>
>>> That is a good start.
>>>
>>>> Unfortunately the start and stop issue is still present.
>>>
>>> This is less good. I am sure that I tested that the sever gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.
>>>
>>>> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
>>>>
>>>> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
>>>>
>>>> On the command line the status shows
>>>>
>>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>>>>
>>>> So the server stopped but the pid was not removed.
>>>>
>>>> If I boot the system and the server was checked as enabled then everything starts properly.
>>>>
>>>> The boot screen shows
>>>>
>>>> Starting OpenVPN Roadwarrior Server... OK
>>>> Starting OpenVPN Authenticator... OK
>>>> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
>>>>
>>>> then if I straight away reboot the shutdown screen shows
>>>>
>>>>
>>>> Stopping OpenVPN Authenticator... Not running WARN
>>>> Stopping OpenVPN Roadwarrior Server... FAIL
>>>> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK
>>>
>>> Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.
>>>
>>> The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?
>>>
>>>> The N2N connection starts and stops correctly and the pid is removed.
>>>>
>>>> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shutdown it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
>>>
>>> Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.
>>>
>>>> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
>>>
>>> Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.
>>>
>>> I will look into it.
>>>
>>> Any other findings so far?
>>>
>>> -Michael
>>>
>>>>
>>>> Regards,
>>>> Adolf.
>>
>>
>>
>