public inbox for development@lists.ipfire.org
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Add start of static routes in client N2N
Date: Thu, 26 Nov 2020 12:13:23 +0100
Message-ID: <4c069fa683f6b245ae69d90e4f64eab6a4b9e1a1.camel@ipfire.org>
In-Reply-To: <20201111181225.26237-1-erik.kapfer@ipfire.org>


Hi all,
during some testing with N2N ciphers, I noticed a strange behavior
with this patch, the 'up /etc/init.d/static-routes start' command, but
only with client connections. The complete network went down while
starting the connection and nothing was reachable anymore. The last
line in messages was

Nov 25 23:53:21 ipfire-prime testcryptn2n[12261]: /etc/init.d/static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init

and from there on the screen froze. The WUI was not reachable anymore
and SSH delivered a

ssh: connect to host 192.168.123.1 port 222: No route to host

I have had no problems with the N2N TLS-Server, which starts without
problems, but the N2N TLS-Client crashed the whole network/routing,
even if no static route has been defined.

I am not sure what causes this, but I would strongly recommend reverting
this patch from origin/next!

Maybe someone else can check this patch too?

Best regards,

Erik


On Wednesday, 11.11.2020, at 18:12 +0000, ummeegge wrote:
> Fixes: #12529
> 
> - If a client N2N configuration will be imported into IPFire systems,
> a line will be added which calls the --up script to restart the
> static route initscript. Since this is IPFire specific, it will only
> be added via import on an IPFire system.
> - Deleted unneeded line in CLIENTCONF section.
> - Added description to SERVERCONF section.
> 
> Signed-off-by: ummeegge <erik.kapfer(a)ipfire.org>
> ---
>  html/cgi-bin/ovpnmain.cgi | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 8626a94ca..44cb48996 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -953,6 +953,7 @@ unless(-d
> "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir
> "${General
>    print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; 
>    print SERVERCONF "# Client Gateway Network\n"; 
>    print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
> +  print SERVERCONF "# Call up script for static routes\n";
>    print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
>    print SERVERCONF "# tun Device\n"; 
>    print SERVERCONF "dev tun\n"; 
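
Review bot: The comment added above the `up` line in SERVERCONF should record that the initscript is called with more than `start`. The log line quoted in the reply shows the invocation as "/etc/init.d/static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init", so the tunnel parameters are appended to the command. Please confirm that the static-routes initscript ignores the trailing arguments, and say so in the comment, since the same directive is now also written into imported client configurations.
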
> @@ -1052,7 +1053,6 @@ unless(-d
> "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir
> "${General
>    print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
>    print CLIENTCONF "# Server Gateway Network\n"; 
>    print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; 
> -  print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
>    print CLIENTCONF "# tun Device\n"; 
>    print CLIENTCONF "dev tun\n"; 
>    print CLIENTCONF "#Logfile for statistics\n";
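
Review bot: The commit message calls the removed CLIENTCONF `up` line "unneeded", but the same directive is added back at import time in the last hunk, so it is moved rather than dropped. Please word the message that way, and note the consequence for existing deployments: client packages generated before this change still carry the line, while packages generated after it do not, and the importer has to handle both.
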
> @@ -3333,6 +3333,12 @@ END
>         print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
>         close FILE;
>  
> +       # Add static route command to client configuration
> +       open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to
> open config file.';
> +       print FILE "# Call up script for static routes\n";
> +       print FILE "up \"/etc/init.d/static-routes start\"\n";
> +       close FILE;
> +
>         move("$tempdir/$uplconffilename",
> "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
>  
>         if ($? ne 0) {
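
Review bot: The added block reopens the config with a two-argument `open(FILE, ">> $tempdir/$uplconffilename")` directly after the `close FILE;` in the context above, which fuses the mode with an interpolated path and reuses a bareword handle. If the handle closed above is the same file, print the two new lines before that `close FILE;`. Otherwise use the three-argument form with a lexical handle and put `$!` in the die message. The append is also unconditional: a client config generated before this change already contains the `up "/etc/init.d/static-routes start"` line that the second hunk removes, so importing it leaves the directive in the file twice. Check for an existing `up` line before appending, and consider making the directive optional on import so that an administrator can leave it out on a client where it is not wanted.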


