From: Adolf Belka
To: development@lists.ipfire.org
Subject: Test of latest OpenVPN-2.6 repo up to commit "ovpnmain.cgi: Refactor top table of adding/creating connections"
Date: Mon, 15 Apr 2024 18:57:52 +0200
Message-ID: <9e3a4fca-1347-4dd4-bc59-801ba5fc446f@ipfire.org>

Hi Michael,

I did a fetch of the latest status of the OpenVPN-2.6 branch in your repo and then ran a build on it and did a fresh install with the iso that was created.

I then created the root/host x509 certificate set with no problems.

Created a Static IP Address pool. One thing I found here was that after creating it I could choose the edit function and modify the Name but the subnet could not be modified. I had to delete the existing version and start again to get the correct subnet. I had made an error in the number I chose so that was why I was trying to edit it.

Went into the Advanced settings and enabled the TLS Channel Protection and added entries into the DHCP Settings section for the Domain and DNS. Then pressed Save.

Then I created a Client Connection. The file icon I saw now is only a .ovpn file with the certificates embedded into the .ovpn. A point I noticed is that if you put the mouse over the hard disk icon it still says "Download Encrypted Client Package (zip)".

After creating the client connection the Server started when I pressed the Save button in the Roadwarrior Settings section.

I then installed the client .ovpn into my laptop's Network Manager OpenVPN plugin and the connection was successfully made.

However I have noticed that if I then go to the Advanced Server and press the Save Advanced Settings button, whether something has been modified or not the Server Stops and will not restart.
Checking the status on the CLI the message came back that the server was not running but the pid was present.

If I deleted the pid then the server would start again. Running /etc/rc.d/init.d/openvpn-rw reload results in an OK message but running the status command then gives the message that openvpn is not running but openvpn.pid exists so it looks like the reload command is not executing correctly.

In the WUI System Logs OpenVPN section the following was shown.

IPFire diagnostics
Section: openvpn
Date: April 15, 2024

18:46:59 openvpnserver[12829]: Use --help for more information.
18:46:59 openvpnserver[12829]: Options error: Please correct these errors.
18:46:59 openvpnserver[12829]: Options error: --status fails with '/var/run/ovpnserver.log': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: Options error: --writepid fails with '/var/run/openvpn.pid': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
18:46:59 openvpnserver[12829]: SIGHUP[hard,] received, process restarting
18:46:59 openvpnserver[12829]: Linux ip addr del failed: external program exited with error status: 2
18:46:59 openvpnserver[12829]: /sbin/ip addr del dev tun0 10.202.247.1/24
18:46:59 openvpnserver[12829]: Closing TUN/TAP interface
18:46:59 openvpnserver[12829]: ERROR: Linux route delete command failed
18:46:59 openvpnserver[12829]: ERROR: Linux route delete command failed: external program exited with error status: 2
18:46:59 openvpnserver[12829]: /sbin/ip route del 10.110.26.0/24
18:46:59 openvpnserver[12829]: event_wait : Interrupted system call (fd=-1,code=4)

This looks like the reload is resulting in a SIGHUP[hard,] causing the process to restart but without having properly removed the pid file.

There is also the message about the ovpnserver.log. I did not touch that file, and after removing the pid file the server restarts and the system logs OpenVPN log has no mention about that log file in it.

Let me know if you need any other information and I will provide it.

Regards,

Adolf
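
The two symptoms in this report, a pid file left behind with no process and options rejected with errno 13 around the SIGHUP, can be checked together with a short script. This is an added example, not part of the original message or of IPFire's init scripts; the function names are hypothetical and the sample log lines are copied from the log excerpt in the message.

```shell
#!/bin/sh
# Added example (hypothetical helper names): triage a reload that left a pid file behind.

# pidfile_state FILE -> prints: running | stale | stopped
pidfile_state() {
    pidfile=$1
    if [ ! -e "$pidfile" ]; then
        echo stopped
        return 0
    fi
    # Keep digits only; an unreadable or empty file counts as stale.
    pid=$(tr -cd '0-9' 2>/dev/null < "$pidfile") || pid=""
    # kill -0 delivers no signal, it only tests that the process exists.
    # Run as root: for another user's process it fails even if the process is alive.
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# failed_options: read log lines on stdin, print "<option> <path>" for each
# option OpenVPN rejected with "Permission denied".
failed_options() {
    sed -n "s/.*Options error: --\([a-z-]*\) fails with '\([^']*\)': Permission denied.*/\1 \2/p"
}

# triage FILE: log on stdin. Prints "reload-failed" when the pid file is stale
# and the log shows options that could not be written; otherwise the pid file state.
triage() {
    state=$(pidfile_state "$1")
    failed=$(failed_options)
    if [ "$state" = stale ] && [ -n "$failed" ]; then
        echo reload-failed
    else
        echo "$state"
    fi
}

# Log lines copied from the report above (order does not matter to the parser).
sample_log() {
    cat <<'EOF'
18:46:59 openvpnserver[12829]: Options error: --status fails with '/var/run/ovpnserver.log': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: Options error: --writepid fails with '/var/run/openvpn.pid': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: SIGHUP[hard,] received, process restarting
EOF
}

sample_log | triage /var/run/openvpn.pid
```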