From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Add start of static routes in client N2N
Date: Tue, 01 Dec 2020 16:32:49 +0000
Message-ID: <714AC867-73A5-44C5-8A33-6FCBE9717C12@ipfire.org>
In-Reply-To: <4c069fa683f6b245ae69d90e4f64eab6a4b9e1a1.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1028675783665068536=="
List-Id: <development.lists.ipfire.org>

--===============1028675783665068536==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

interesting. We should have seen this before then because this parameter was added to the configuration file ages ago.

Is there a chance that OpenVPN has changed the parameters those scripts are called with?

No matter what, we will need a wrapper script that will accept all those parameters, probably not care much about them and then call /etc/init.d/static-routes.

I will revert the patch for now then, so that we have some time to work on a solution.

Best,
-Michael

> On 26 Nov 2020, at 11:13, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Hi all,
> during some testings with N2N ciphers, i recognized a strange behavior
> with this patch, the 'up /etc/init.d/static-routes start' command but
> only with client connections. The complete network went down while
> starting the connection and nothing was reachable anymore. The last
> line in messages was
>
> Nov 25 23:53:21 ipfire-prime testcryptn2n[12261]: /etc/init.d/static-
> routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init
>
> and from there on the screen freezes. The WUI was not reachable anymore
> and SSH delivers a
>
> ssh: connect to host 192.168.123.1 port 222: No route to host
>
> have had no problems with the N2N TLS-Server which starts without
> problems but the N2N TLS-Client crashed, even if no static route has
> been defined, the whole network/routing.
>
> Am not sure what causes this but i would strongly recommend to revert
> this patch from origin/next !!!
>
> May someone else can check this patch too ?
>
> Best regards,
>
> Erik
>
>
> On Wednesday, 11.11.2020, at 18:12 +0000, ummeegge wrote:
>> Fixes: #12529
>>
>> - If a client N2N configuration will be imported into IPFire systems,
>> a line will be added which calls the --up script to restart the
>> static route initscript. Since this is IPFire specific, i will only
>> be
>> added via import on IPFire system.
>> - Deleted unneeded line in CLIENTCONF section.
>> - Added description to SERVERCONF section.
>>
>> Signed-off-by: ummeegge <erik.kapfer(a)ipfire.org>
>> --- >> html/cgi-bin/ovpnmain.cgi | 8 +++++++- >> 1 file changed, 7 insertions(+), 1 deletion(-) >>=20 >> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi >> index 8626a94ca..44cb48996 100644 >> --- a/html/cgi-bin/ovpnmain.cgi >> +++ b/html/cgi-bin/ovpnmain.cgi >> @@ -953,6 +953,7 @@ unless(-d >> "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir >> "${General >> print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";=20 >> print SERVERCONF "# Client Gateway Network\n";=20 >> print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; >> + print SERVERCONF "# Call up script for static routes\n"; >> print SERVERCONF "up \"/etc/init.d/static-routes start\"\n"; >> print SERVERCONF "# tun Device\n";=20 >> print SERVERCONF "dev tun\n";=20 >> @@ -1052,7 +1053,6 @@ unless(-d >> "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir >> "${General >> print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";=20 >> print CLIENTCONF "# Server Gateway Network\n";=20 >> print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";=20 >> - print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n"; >> print CLIENTCONF "# tun Device\n";=20 >> print CLIENTCONF "dev tun\n";=20 >> print CLIENTCONF "#Logfile for statistics\n";
>> @@ -3333,6 +3333,12 @@ END >> print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n"; >> close FILE; >> =20 >> + # Add static route command to client configuration >> + open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to >> open config file.'; >> + print FILE "# Call up script for static routes\n"; >> + print FILE "up \"/etc/init.d/static-routes start\"\n"; >> + close FILE; >> + >> move("$tempdir/$uplconffilename", >> "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); >> =20 >> if ($? ne 0) { >=20 >=20 --===============1028675783665068536==--
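
Review bot: In the @@ -3333 hunk, the added open() uses the two-argument form, so the append mode and the interpolated name of the uploaded file share one string (">> $tempdir/$uplconffilename"), and it writes through the bareword handle FILE. Prefer the three-argument form with a lexical handle, open(my $fh, '>>', "$tempdir/$uplconffilename"), so the file name is never parsed as part of the mode, and put $! in the die message so a failed import reports its cause. The up line is also appended unconditionally: client configurations generated before this patch already contain it (the line removed in the @@ -1052 hunk), so importing one of those yields two up directives. Check the uploaded file for an existing up line before appending.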