From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Add start of static routes in client N2N
Date: Tue, 01 Dec 2020 16:32:49 +0000
Message-ID: <714AC867-73A5-44C5-8A33-6FCBE9717C12@ipfire.org>
In-Reply-To: <4c069fa683f6b245ae69d90e4f64eab6a4b9e1a1.camel@ipfire.org>


Hi,

interesting. We should have seen this before then because this parameter was added to the configuration file ages ago.

Is there a chance that OpenVPN has changed the parameters those scripts are called with?

No matter what, we will need a wrapper script that will accept all those parameters, probably not care much about them and then call /etc/init.d/static-routes.

I will revert the patch for now then, so that we have some time to work on a solution.

Best,
-Michael

> On 26 Nov 2020, at 11:13, ummeegge <ummeegge(a)ipfire.org> wrote:
> 
> Hi all,
> during some testing with N2N ciphers, I recognized a strange behavior
> with this patch, the 'up /etc/init.d/static-routes start' command but
> only with client connections. The complete network went down while
> starting the connection and nothing was reachable anymore. The last
> line in messages was 
> 
> Nov 25 23:53:21 ipfire-prime testcryptn2n[12261]: /etc/init.d/static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init
> 
> and from there on the screen freezes. The WUI was not reachable anymore
> and SSH delivers a
> 
> ssh: connect to host 192.168.123.1 port 222: No route to host
> 
> have had no problems with the N2N TLS-Server which starts without
> problems but the N2N TLS-Client crashed, even if no static route has
> been defined, the whole network/routing.
> 
> Am not sure what causes this but I would strongly recommend to revert
> this patch from origin/next !!!
> 
> Maybe someone else can check this patch too?
> 
> Best regards,
> 
> Erik
> 
> 
> On Wednesday, 11.11.2020, 18:12 +0000, ummeegge wrote:
>> Fixes: #12529
>> 
>> - If a client N2N configuration will be imported into IPFire systems,
>> a line will be added which calls the --up script to restart the
>> static route initscript. Since this is IPFire specific, it will only
>> be added via import on IPFire system.
>> - Deleted unneeded line in CLIENTCONF section.
>> - Added description to SERVERCONF section.
>> 
>> Signed-off-by: ummeegge <erik.kapfer(a)ipfire.org>
>> ---
>>  html/cgi-bin/ovpnmain.cgi | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>> 
>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
>> index 8626a94ca..44cb48996 100644
>> --- a/html/cgi-bin/ovpnmain.cgi
>> +++ b/html/cgi-bin/ovpnmain.cgi
>> @@ -953,6 +953,7 @@ unless(-d
>> "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir
>> "${General
>>    print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; 
>>    print SERVERCONF "# Client Gateway Network\n"; 
>>    print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
>> +  print SERVERCONF "# Call up script for static routes\n";
>>    print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
>>    print SERVERCONF "# tun Device\n"; 
>>    print SERVERCONF "dev tun\n"; 
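Review bot: the comment added above `up "/etc/init.d/static-routes start"` in SERVERCONF should document that OpenVPN appends its own arguments to this command; the log line in the report shows the initscript being run as `static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init`. The directive itself is unchanged context in this hunk, so the server side keeps calling the initscript directly with those extra arguments. If a wrapper is introduced for the client, this line should point at the same wrapper so both ends behave the same way.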
>> @@ -1052,7 +1053,6 @@ unless(-d
>> "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir
>> "${General
>>    print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
>>    print CLIENTCONF "# Server Gateway Network\n"; 
>>    print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; 
>> -  print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
>>    print CLIENTCONF "# tun Device\n"; 
>>    print CLIENTCONF "dev tun\n"; 
>>    print CLIENTCONF "#Logfile for statistics\n";
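Review bot: the removal of `print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";` is described in the commit message only as an "unneeded line", which hides a behaviour change: client packages generated from here on no longer carry the `up` directive and rely on the import code in the last hunk to add it. Please say so in the commit message, and note that a package imported by a system without that import change ends up with no `up` line at all.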
>> @@ -3333,6 +3333,12 @@ END
>>         print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
>>         close FILE;
>>  
>> +       # Add static route command to client configuration
>> +       open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to
>> open config file.';
>> +       print FILE "# Call up script for static routes\n";
>> +       print FILE "up \"/etc/init.d/static-routes start\"\n";
>> +       close FILE;
>> +
>>         move("$tempdir/$uplconffilename",
>> "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
>>  
>>         if ($? ne 0) {
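Review bot: the append after `open(FILE, ">> $tempdir/$uplconffilename")` is unconditional, so there is no check whether the uploaded configuration already contains an `up` directive. Client packages generated before this patch still include the CLIENTCONF `up` line that the second hunk removes, and importing one of those now produces the directive twice. Suggest scanning the uploaded file for an existing `up` line first and appending only when none is found. Minor: use the three-argument `open` with a lexical handle and include `$!` in the `die` message so a failed write to the temp directory can be diagnosed.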
> 
> 
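
One way to write the wrapper script discussed above, as an added example that is not part of this thread or of IPFire's code: it accepts the arguments OpenVPN appends to the up command, checks their shape, and calls the initscript with only `start`. The function name, the STATIC_ROUTES_INITSCRIPT override and the validation rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example: hypothetical --up wrapper, not IPFire's own script.
#
# OpenVPN appends its own arguments to the --up command:
#   <dev> <tun_mtu> <link_mtu> <ifconfig_local> <ifconfig_remote> init|restart
# which is the shape of the log line quoted in the report:
#   static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init

# Assumption: the path is overridable only so the wrapper can be exercised
# on a machine that is not an IPFire system.
STATIC_ROUTES_INITSCRIPT="${STATIC_ROUTES_INITSCRIPT:-/etc/init.d/static-routes}"

ovpn_up_wrapper() {
    dev="${1:-}"
    context="${6:-}"

    # Refuse anything that does not look like an OpenVPN --up invocation,
    # so no caller-supplied word can reach the initscript as an action.
    case "$dev" in
        tun[0-9]*|tap[0-9]*) ;;
        *) echo "up-wrapper: unexpected device '$dev'" >&2; return 1 ;;
    esac
    case "$context" in
        init|restart) ;;
        *) echo "up-wrapper: unexpected context '$context'" >&2; return 1 ;;
    esac

    # Drop every OpenVPN-supplied argument: the initscript only sees "start".
    # Its exit status is passed back, because OpenVPN treats a failing
    # --up script as fatal for the connection.
    "$STATIC_ROUTES_INITSCRIPT" start
}

# Act only when called with arguments, as OpenVPN does.
if [ "$#" -gt 0 ]; then
    ovpn_up_wrapper "$@"
fi
```

With such a wrapper installed, the generated configuration would reference the wrapper's path in its `up` line instead of the initscript.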

