Subject: Re: Feedback on the branch openvpn-rebase
From: Michael Tremer
Date: Mon, 30 Jun 2025 11:04:45 +0100
To: Adolf Belka
Cc: "IPFire: Development-List"
References: <1396727E-BF73-4015-B853-B3F854806B28@ipfire.org> <7FE631A7-BAF8-4A92-AE02-A173D2C1E746@ipfire.org>

Hello,

> On 30 Jun 2025, at 10:55, Adolf Belka wrote:
>
> Hi Michael,
>
> On 30/06/2025 10:46, Michael Tremer wrote:
>> Hello Adolf,
>> The initscript works absolutely fine for me:
>
> Interesting.
>
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> /usr/sbin/openvpn is not running.
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start
>> Starting OpenVPN Roadwarrior Server... [ OK ]
>> Starting OpenVPN Authenticator... [ OK ]
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> openvpn is running with Process ID(s) 27406.
>> [root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn
>> nobody 27406 0.0 0.1 12052 7624 ? Ss 10:45 0:00 /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf
>> root 27446 0.0 0.2 16580 10740 ? S 10:45 0:00 /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon
>> root 27455 0.0 0.0 6660 2612 pts/1 S+ 10:45 0:00 grep openvpn
>> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
>> -rw------- 1 root root 227 Jun 30 10:45 /var/run/openvpn-rw.log
>> -rw-r--r-- 1 root root 6 Jun 30 10:45 /var/run/openvpn-rw.pid
>> srwxrwxrwx 1 root root 0 Jun 30 10:45 /var/run/openvpn.sock
>> /var/run/openvpn:
>> total 0
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop
>> Stopping OpenVPN Authenticator... [ OK ]
>> Stopping OpenVPN Roadwarrior Server... [ OK ]
>> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn*
>> -rw------- 1 root root 227 Jun 30 10:45 /var/run/openvpn-rw.log
>> srwxrwxrwx 1 root root 0 Jun 30 10:45 /var/run/openvpn.sock
>> /var/run/openvpn:
>> total 0
>> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status
>> /usr/sbin/openvpn is not running.
>> Can you confirm this on your system? Might the problem simply be that your OpenVPN RW server crashes and then the PID file does not get cleaned up properly?
>
> I already confirmed that because when it wouldn't start in the WUI again, I used the manual commands. The only difference I see in the commands is that I used /etc/rc.d/init.d/openvpn-rw
>
> My testing was also done on an install from the iso that you provided the link to.

Yes, I am also on the same image.

There is now one initscript for the road warrior service and one for the n2n services.

> One thing I noticed is that your /var/run/openvpn/ directory is empty, so presumably no net 2 net config. I do have that, so I just disabled the n2n connection (not deleted) and now my stop command is working correctly.

I don’t have any N2N connections on this test system. It should not make a difference at all, but I cannot say that I tested this all a lot.

> I then enabled the n2n connection again and the RW server can still be successfully enabled/started and disabled/stopped and enabled/started again.
>
> So whatever the problem is it was only present after I had restored IPFire so that I got the rw and n2n connections.

Hmm, this is why we are testing this. A lot of code has changed. I just don’t know what to do with this issue now.

> However now, the n2n connection no longer shows DISCONNECTED in a red background but an empty space and now the n2n connection is no longer showing up in my ps aux | grep openvpn listing, whereas before it did.
>
> I will try doing a fresh install again and test out with a fresh config of the rw alone and then after that do a restore of my rw/n2n connections and see what happens then.

Yes, this sounds sensible. I have only ever tested a fresh installation and never restored any existing configuration. There might be bugs here.

-Michael

>
> Regards,
>
> Adolf.
>
>
>> -Michael
>>> On 30 Jun 2025, at 09:40, Michael Tremer wrote:
>>>
>>> Hello Adolf,
>>>
>>> Thank you very much for looking into this for me.
>>>
>>>> On 29 Jun 2025, at 11:51, Adolf Belka wrote:
>>>>
>>>> Hi All,
>>>>
>>>> Tested out the latest openvpn-rebase branch from @ms using the link to the iso that he provided from the latest fixes.
>>>>
>>>> The disable and enable checkbox now works. If you enable the checkbox and save then the box is enabled and if you then disable and save it the checkbox now is disabled so that previous issue is fixed.
>>>
>>> That is a good start.
>>>
>>>> Unfortunately the start and stop issue is still present.
>>>
>>> This is less good. I am sure that I tested that the server gets properly started, restarted and stopped. I can look into this again. Hopefully this should not stop us from conducting any further testing.
>>>
>>>> When I start the system running with the openvpn server running and then I disable the server then it shows the server as stopped.
>>>>
>>>> If I then enable the server and save then the checkbox is enabled but the server stays stopped.
>>>>
>>>> On the command line the status shows
>>>>
>>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>>>>
>>>> So the server stopped but the pid was not removed.
>>>>
>>>> If I boot the system and the server was checked as enabled then everything starts properly.
>>>>
>>>> The boot screen shows
>>>>
>>>> Starting OpenVPN Roadwarrior Server... OK
>>>> Starting OpenVPN Authenticator... OK
>>>> Starting OpenVPN N2N connection 'ipfirenet2net'... OK
>>>>
>>>> then if I straight away reboot the shutdown screen shows
>>>>
>>>>
>>>> Stopping OpenVPN Authenticator... Not running WARN
>>>> Stopping OpenVPN Roadwarrior Server... FAIL
>>>> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK
>>>
>>> Okay, this is interesting. The authenticator cannot run without the RW service being active. So this does not concern me at this point.
>>>
>>> The RW server should however be running if it is enabled. Is there anything in the logs that explains why it crashed?
>>>
>>>> The N2N connection starts and stops correctly and the pid is removed.
>>>>
>>>> I believe that this might be due to the variable PIDFILE being used for both the authenticator and the rw daemons and when the openvpn-rw daemon is being shut down it has the authenticator pid in the PIDFILE variable and not the openvpn-rw.pid file name.
>>>
>>> Yes, I had to play around a lot with this. The initscripts are designed to deal with only one service and I hacked my way around it.
>>>
>>>> I have tried various ways to change this in the openvpn-rw initscript but I ended up fixing it for one thing but then creating a problem for another one. Basically I think because I don't understand how the whole initscript and pid process is running in IPFire.
>>>
>>> Neither do I :) It is all very broken there and so there won't be a very clean and obvious way ahead.
>>>
>>> I will look into it.
>>>
>>> Any other findings so far?
>>>
>>> -Michael
>>>
>>>>
>>>> Regards,
>>>> Adolf.
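
The status line quoted in this thread ("not running but /var/run/openvpn-rw.pid exists") is the stale PID file case, and the thread suspects one PIDFILE variable shared by two daemons. The sketch below is an added example, not part of the original message and not IPFire's initscript code: it passes each daemon's PID file as an argument and classifies it before acting. The function names pidfile_state and stop_daemon are hypothetical.

```shell
#!/bin/sh
# Added example (not IPFire's initscript): each daemon's PID file is passed
# as an argument instead of being read from one shared PIDFILE global.
# Function names are hypothetical.

# Print "stopped" (no file), "running" (PID alive) or "stale" (file exists
# but its PID is empty, non-numeric or no longer a live process).
# kill -0 only tests for existence; run as root, as an initscript is, so a
# daemon that dropped privileges is not misreported as stale.
pidfile_state() {
    [ -e "$1" ] || { echo stopped; return 0; }
    ps_pid=$(cat "$1" 2>/dev/null) || ps_pid=''
    case "$ps_pid" in
        ''|*[!0-9]*) echo stale; return 0 ;;
    esac
    if kill -0 "$ps_pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# Stop the daemon recorded in PID file $1 and remove that file. Prints the
# state found on entry. Returns 1, leaving the file in place, if the process
# is still alive about five seconds after SIGTERM.
stop_daemon() {
    sd_file="$1"
    sd_state=$(pidfile_state "$sd_file")
    if [ "$sd_state" = running ]; then
        sd_pid=$(cat "$sd_file")
        kill "$sd_pid" 2>/dev/null || true
        sd_tries=0
        while kill -0 "$sd_pid" 2>/dev/null; do
            sd_tries=$((sd_tries + 1))
            [ "$sd_tries" -le 5 ] || return 1
            sleep 1
        done
    fi
    rm -f "$sd_file"
    echo "$sd_state"
}
```

A stop action for two daemons would call stop_daemon once per daemon, each with its own path, so stopping one can never remove or signal through the other's PID file.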