From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bW0CB115Cz33B0 for ; Mon, 30 Jun 2025 08:47:02 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bW0C646T0z2yn7 for ; Mon, 30 Jun 2025 08:46:58 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bW0C607Q2z6P; Mon, 30 Jun 2025 08:46:57 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751273218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7O/ZD7Or90FltT7y4U0kVZcBbAw0ikJT/GBxlq8zUOc=; b=p5S7JfNbbguCB8PqkbwzW0wcA41QVYWGWdPITbf0NCTHUcZxtYSnoXwmNE/SP1AWRrD46P BgYtSAB9Akq0ErDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751273218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7O/ZD7Or90FltT7y4U0kVZcBbAw0ikJT/GBxlq8zUOc=; b=Fh9k9wF8Flun1nSqX3mBPjbPDywdj94zgJ2d8WyDgimo0hbEWGjR/hUGQUyetgF1/Irrpd h4Hpg5SshuJ08potqf3RF4/55CUU2S77LakTZofZjroUsp+XTA1W0WLgDaoLb1LU/3Mnqf JWo1mG82Hql1eFlcvMp2Pb1uvRESGO8frxAsMtF3roL1ljJVpLcS1/75fb59yV0quzUnvD iOeDLlUzeDPKEPrfaCvF/oeM3Mv+xkopXNMe7seHTf2/QqTnTfrkXlq/y3FPmvtKA9jaBi /KphGOh1PpbPJQUXQYs5L8z8vZAe0kRUgP6f82pAbc0YLhoSkZmjKVopqsNWBg== Content-Type: text/plain; charset=us-ascii Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: Feedback on the branch openvpn-rebase From: Michael Tremer In-Reply-To: <1396727E-BF73-4015-B853-B3F854806B28@ipfire.org> Date: Mon, 30 Jun 2025 09:46:57 +0100 Cc: "IPFire: Development-List" Content-Transfer-Encoding: quoted-printable Message-Id: <7FE631A7-BAF8-4A92-AE02-A173D2C1E746@ipfire.org> References: <1396727E-BF73-4015-B853-B3F854806B28@ipfire.org> To: Adolf Belka Hello Adolf, The initscript works absolutely fine for me: [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status /usr/sbin/openvpn is not running. [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start Starting OpenVPN Roadwarrior Server... = = [ OK ] Starting OpenVPN Authenticator... = = [ OK ] [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status openvpn is running with Process ID(s) 27406. [root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn nobody 27406 0.0 0.1 12052 7624 ? Ss 10:45 0:00 = /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf root 27446 0.0 0.2 16580 10740 ? S 10:45 0:00 = /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon root 27455 0.0 0.0 6660 2612 pts/1 S+ 10:45 0:00 grep = openvpn [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn* -rw------- 1 root root 227 Jun 30 10:45 /var/run/openvpn-rw.log -rw-r--r-- 1 root root 6 Jun 30 10:45 /var/run/openvpn-rw.pid srwxrwxrwx 1 root root 0 Jun 30 10:45 /var/run/openvpn.sock /var/run/openvpn: total 0 [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop Stopping OpenVPN Authenticator... = = [ OK ] Stopping OpenVPN Roadwarrior Server... = = [ OK ] [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn* -rw------- 1 root root 227 Jun 30 10:45 /var/run/openvpn-rw.log srwxrwxrwx 1 root root 0 Jun 30 10:45 /var/run/openvpn.sock /var/run/openvpn: total 0 [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status /usr/sbin/openvpn is not running. Can you confirm this on your system? Might the problem simply be that = your OpenVPN RW server crashes and then the PID file does not get = cleaned up properly? -Michael > On 30 Jun 2025, at 09:40, Michael Tremer = wrote: >=20 > Hello Adolf, >=20 > Thank you very much for looking into this for me. >=20 >> On 29 Jun 2025, at 11:51, Adolf Belka wrote: >>=20 >> Hi All, >>=20 >> Tested out the latest openvpn-rebase branch from @ms using the link = to the iso that he provided from the latest fixes. >>=20 >> The disable and enable checkbox now works. If you enable the checkbox = and save then the box is enabled and if you then disable and save it the = checkbox now is disabled so that previous issue is fixed. >=20 > That is a good start. >=20 >> Unfortunately the start and stop issue is still present. >=20 > This is less good. I am sure that I tested that the sever gets = properly started, restarted and stopped. I can look into this again. = Hopefully this should not stop us from conducting any further testing. >=20 >> When I start the system running with the openvpn server running and = then I disable the server then it shows the server as stopped. >>=20 >> If I then enable the server and save then the checkbox is enabled but = the server stays stopped. >>=20 >> On the command line the status shows >>=20 >> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists. >>=20 >> So the server stopped but the pid was not removed. >>=20 >> If I boot the system and the server was checked as enabled then = everything starts properly. >>=20 >> The boot screen shows >>=20 >> Starting OpenVPN Roadwarrior Server... OK >> Starting OpenVPN Authenticator... OK >> Starting OpenVPN N2N connection 'ipfirenet2net'... OK >>=20 >> then if I straight away reboot the shutdown screen shows >>=20 >>=20 >> Stopping OpenVPN Authenticator... Not running WARN >> Stopping OpenVPN Roadwarrior Server... FAIL >> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK >=20 > Okay, this is interesting. The authenticator cannot run without the RW = service being active. So this does not concern me at this point. >=20 > The RW server should however be running if it is enabled. Is there = anything in the logs that explains why it crashed? >=20 >> The N2N connection starts and stops correctly and the pid is removed. >>=20 >> I believe that this might be due to the variable PIDFILE being used = for both the authenticator and the rw daemons and when the openvpn-rw = daemon is being shutdown it has the authenticator pid in the PIDFILE = variable and not the openvpn-rw.pid file name. >=20 > Yes, I had to play around a lot with this. The initscripts are = designed to deal with only one service and I hacked my way around it. >=20 >> I have tried various ways to change this in the openvpn-rw initscript = but I ended up fixing it for one thing but then creating a problem for = another one. Basically I think because I don't understand how the whole = initscript and pid process is running in IPFire. >=20 > Neither do I :) It is all very broken there and so there won't be a = very clean and obvious way ahead. >=20 > I will look into it. >=20 > Any other findings so far? >=20 > -Michael >=20 >>=20 >> Regards, >> Adolf.