Re: CU197 Testing - OpenVPN Road Warrior Statistics graphs not working.

[Michael Tremer <michael.tremer@ipfire.org>]

Hello,

> On 15 Sep 2025, at 12:45, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi Michael,
> 
> A further update.
> 
> On 15/09/2025 13:23, Adolf Belka wrote:
>> Hi Michael,
>> I am going to reply to all the openvpn changes related to CU197 Testing.
>> The changes for the Road Warrior Statistics graphs worked. All the graphs are working in CU197 Testing.
>> I also submitted changes for the wio addon to update the RW log file name. Those changes were implemented but obviously are not enough to make wio show the openvpn connection statuses. There must be some other aspects that the wio code is using that need to be updated.
>> However, I think that this can be left for CU198. The status of the openvpn connections can be see on the openvpn WUI page and I don't think we need to delay CU197 Testing for me to fix the wio openvpn status. I will continue to look at that and submit any required patches once I understand what other changes in wio are needed.
> 
> I identified that the wio addon was also using openvpn.pid and this has been updated to openvpn-rw.pid so I now know how to fix this. Still need to test it out to confirm that it actually fixes it.

I really hate how much code relies on broken checks like a PID file. That is not a valid check whether something is enabled and alive or not. But since we want to get this release out and since WIO has also seen very little attention recently, there is no need to rewrite this right now. If ever.

> However, my investigation on the openvpn.pid identified that this is also used in the ids.cgi to check if openvpn has been started and, if yes, to add openvpn to the list of network zones. I then checked the list of zones shown in the IDS and OpenVPN was missing. I changed the openvpn.pid to openvpn-rw.pid in ids.cgi and the openvpn option to be enabled was shown again.
> That function I think we do want to have in CU197. I will submit a patch for that shortly so it can be merged into CU197 Testing.

Thank you.

> Regards,
> 
> Adolf.
> 
> 
>> I also tested out the routes stuff, to the extent that I could.The data from the routes-push file is now being correctly taken on board and applied in the server.conf and then the old routes-push file is removed. The problem of the gateway push problem that @iptom raised the bug for, I don't think I can easily test as I could never reproduce the problem he had in my network, which is a very simple limited network. I will update the bug and request @iptom to test out the new CU197 Testing build.
>> Presuming the routes issue of @iptom is solved with the latest version, then I am not aware of any remaining issues to block release.
>> Regards,
>> Adolf.
>> On 14/09/2025 12:40, Michael Tremer wrote:
>>> Sorry, I just overlooked them.
>>> 
>>> I merged them and pushed them just now.
>>> 
>>> -Michael
>>> 
>>>> On 14 Sep 2025, at 11:11, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>> 
>>>> Hi Michael,
>>>> 
>>>> On 08/09/2025 15:07, Adolf Belka wrote:
>>>>> Hi All,
>>>>> On 03/09/2025 20:21, Adolf Belka wrote:
>>>>>> Hallo All.
>>>>>> 
>>>>>> I have found another issue with OpenVPN on CU197 Testing.
>>>>>> 
>>>>>> The RW graphs Statistics graphs are not getting updated.
>>>>>> 
>>>>>> After some searching around, I found that it was because the collectd.vpn plugin was still saying /var/log/ovpnserver.log
>>>>>> 
>>>>>> I discovered that there was an update to the collectd.vpn file but collectd was not shipped in CU197 Testing so it didn't get included.
>>>>>> 
>>>>>> I have submitted a patch to ship collectd in CU197 Testing.
>>>>> I have dropped that patch in patchwork.
>>>>> I realised that doing that would update the ovpnserver.log to openvpn-rw.log but it would also remove any n2n entries in collectd.vpn
>>>>> I have submitted two new patches. One for update.sh in CU197, which after running the ovpnmain.cgi file checks if collectd.vpn has the old log file name in it and if so replaces it with the new version.
>>>>> The other patch is to do the same thing in backup.pl for any restores from old backups before CU197.
>>>>> This makes sure that the RW entry is updated but leaves any existing n2n entries alone in collectd.vpn.
>>>>> The above was tested and resulted in working graphs for the RW connection.
>>>> 
>>>> The two new patches mentioned above
>>>> 
>>>> https://lists.ipfire.org/development/20250908125938.3389609-1-adolf.belka@ipfire.org/T/#t
>>>> 
>>>> have not been merged yet. Have they just been missed or is there a question about them?
>>>> 
>>>> Regards,
>>>> 
>>>> Adolf.
>>>> 
>>>>> Regards,
>>>>> Adolf.
>>>>>> 
>>>>>> Evaluated the change in my vm and the rw graphs worked again.
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> Adolf.
>>> 
>>> 
>