Re: openvpn broken in 13

From: "Erik K." <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: openvpn broken in 13
Date: Mon, 10 Sep 2012 11:02:11 +0200	[thread overview]
Message-ID: <BEEEF143-A80B-43BE-A125-E4B031CF40A2@ipfire.org> (raw)
In-Reply-To: <1347264531.17767.173.camel@rice-oxley.tremer.info>

[-- Attachment #1: Type: text/plain, Size: 3273 bytes --]

Hi all,
the patch is working for me, after patching the ovpnmain.cgi the package size is per default 1400 MTU and fragment and mssfix doesn´t appear. If i adjust a value for fragment and activate mssfix, both are displayed with the same values in the configuration files for the server and also for the client configuration file, also the MTU can be adjusted and the values are also printed to both configuration files. 

But i have had some strange messages after patching the ovpnmain.cgi . The logs said that the keepalive value aren´t set for the server and as i controlled the server.conf there wasn´t the keepalive 10 60 value findable. After a manual edit over the WUI, keepalive 10 60 was also printed to server.conf. 

So this patch:

--- ovpnmain.cgi.61	2012-09-01 06:49:41.385539818 +0200
+++ ovpnmain.cgi	2012-09-01 06:41:15.804679610 +0200
@@ -356,14 +356,11 @@
     if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
 	print CONF "client-to-client\n";
     }
-    if ($sovpnsettings{'DPROTOCOL'} eq 'udp') {
-        if ($sovpnsettings{MSSFIX} eq 'on') {
-	    print CONF "mssfix\n";
-        }
-        if ($sovpnsettings{'FRAGMENT'} eq '' || $sovpnsettings{'FRAGMENT'} eq 0) {
-		$sovpnsettings{'FRAGMENT'} = '1300';
-        }
-        print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
+    if ($sovpnsettings{MSSFIX} eq 'on') {
+	print CONF "mssfix\n";
+    }
+    if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
+	print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";   
     }
     if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {	
 	print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
@@ -532,7 +529,7 @@
     	}
     }
     if ($cgiparams{'MSSFIX'} ne 'on') {
-    	$vpnsettings{'MSSFIX'} = 'off';
+    	delete $vpnsettings{'MSSFIX'};
     } else {
     	$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
     }
@@ -1906,12 +1903,6 @@
     if ($cgiparams{'LOG_VERB'} eq '') {
 	$cgiparams{'LOG_VERB'} =  '3';
     }
-    if ($cgiparams{'MSSFIX'} eq '') {
-        $cgiparams{'MSSFIX'} = 'on';
-    }
-    if ($cgiparams{'FRAGMENT'} eq '') {
-        $cgiparams{'FRAGMENT'} = '1300';
-    }
     $checked{'CLIENT2CLIENT'}{'off'} = '';
     $checked{'CLIENT2CLIENT'}{'on'} = '';
     $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';


doesn´t contain changes for keepalive so i´am pretty unsure where it comes from. Does someone have similar log entries or is it maybe only a individual problem?

Erik
  
Am 10.09.2012 um 10:08 schrieb Michael Tremer:

> On Fri, 2012-09-07 at 12:26 -0500, R. W. Rodolico wrote:
>> All of my tests so far have shown the patch to be effective. I agree
>> that it was likely a bug that crept in on the new code (would be nice to
>> have some effective beta testing -- oops, I'm the one that should have
>> done that).
> 
> Indeed :D
> 
> I am waiting for some more responses about the patch. I think we are
> clear to go, but still need more people to test it.
> 
> Michael
> 
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development

