Re: Problem with push routes when updating a CU196 openvpn to CU197

[Adolf Belka <adolf.belka@ipfire.org>]

Hi Michael,

On 30/08/2025 12:28, Adolf Belka wrote:
> Hi Michael,
> 
> On 30/08/2025 12:10, Adolf Belka wrote:
>> Hi Michael,
>>
>> On 29/08/2025 23:51, Michael Tremer wrote:
>>> Hello,
>>>
>>> This was probably introduced in this commit:
>>>
>>>    https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=460942d7ed28ebf8c7727faa6321b63ee1c56964
>>>
>>> It is supposed to read the routes_push file and write it to /var/ipfire/ovpn/settings.
>>>
>>> This should happen whenever the CGI script is being called and does not even require that any configuration is being rewritten.
> 
> Looking quickly through the code it seems to me that the read_routepushfile subroutine, which updates the ROUTES_PUSH from the old routes_push file if it exists, is executed in the writeserverconf subroutine but it only gets executed if the save button on the first page or on the advanced settings pages is pressed.
> 
> I pressed the Save Advanced Settings to get it updates but the code looks like it will also do it for the Save button on the main page (I will test that just to confirm).

Tested this and it does save an entry into the settings file but the result is different depending on whether the Save button on the main page or the Save Advanced Settings button on the Advanced Settings page is pressed.

So after restore the settings file just has

ROUTES_PUSH=

Pressing the Save Advanced Settings button results in

ROUTES_PUSH=10.102.99.0/24|10.0.1.0/24

but pressing the Save button on the main page instead after a restore gives

ROUTES_PUSH=10.102.99.0/24
|10.0.1.0/24


ie the contents are entered across three lines in the settings file.

Regards,

Adolf.


> 
> It looks to me like just running the CGI script will not run the writeserverconf subroutine.
> 
> Regards,
> 
> Adolf.
> 
>>>
>>> Can you confirm that nothing is in ROUTES_PUSH?
>>
>> Yes, I can confirm that entry in the settings file is empty.
>>
>> Regards,
>>
>> Adolf.
>>
>>>
>>> Best,
>>> -Michael
>>>
>>>> On 29 Aug 2025, at 19:50, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>>
>>>> Hi All,
>>>>
>>>> On 29/08/2025 19:05, Adolf Belka wrote:
>>>>> Hi All,
>>>>> I normally have not had any routes to be pushed specified on my openvpn connections. While investigating some other things I did some setups with routes specified in the CU196 server advanced settings. These were stored in the routes_push file and defined in the server.conf file.
>>>>> When I did an update to CU197 I found that the routes were specified in the routes_push file but no longer in the server.conf file. They were also not in the ROUTES_PUSH entry in the settings file.
>>>>> I then went into the Advanced Settings page on the CU197 and the routes were in the push routes entry box but separated by a blank line.
>>>>> I then pressed the Save Advanced Settings button and now the routes were in the server.conf and settings files and were in the advanced settings page without any blank lines between them.
>>>>> So something is not being fully completed when doing an update from a CU196 server with push routes specified and it requires the advanced settings to be saved to get everything updated as it should be.
>>>>> I suspect that a similar thing might happen if a CU196 backup with push routes is restored into a CU197 system but I haven't tested this yet. I will feedback what I find when I do that.
>>>>
>>>> I can confirm that the same thing happens when a CU196 backup with push routes specified does the same thing as described above and requires the Save Advanced Settings button to be pressed to put everything in the right files.
>>>>
>>>> Regards,
>>>>
>>>> Adolf.
>>>>
>>>>> Should I create a bug report for this?
>>>>> Regards,
>>>>> Adolf.
>>>>
>>>>
>>>
>>
>