From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: Testing of openvpn-2.6-meetup branch Date: Sat, 07 Dec 2024 15:48:37 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8495849085102274990==" List-Id: --===============8495849085102274990== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael, On 07/12/2024 15:29, Adolf Belka wrote: > Hi Michael, > > I should have waited before sending my last reply. Now that the status is s= howing correctly, if I uncheck the enabled box for the OpenVPN Server and pre= ss the Save button it re-checks the Enabled checkbox. So now that it shows th= e status as Running, I can't stop it now :-)) > > I'll see if I can figure out why it is doing that. > I haven't been able to figure out why it is happening yet but I have noticed = that any checkboxes that are unchecked stay like that but once you check a ch= eck box then it always stays checked. I found that on the Advanced Settings p= age. The TLS option is checked by default and it cannot be unchecked. Once I = checked the mssfix and Push Default Route checkboxes and saved the settings t= hen those checkboxes can no longer be unchecked. So there is some problem in the logic of the checkbox setting in the ovpnmain= .cgi that needs to be fixed. Regards, Adolf. > Regards, > > Adolf. > > > On 07/12/2024 15:23, Adolf Belka wrote: >> Hi Michael, >> >> On 07/12/2024 15:11, Adolf Belka wrote: >>> Hi Michael, >>> >>> On 06/12/2024 21:11, Michael Tremer wrote: >>>> Hello Adolf, >>>> >>>> Thanks for testing this and finally getting some traction back into this= project=E2=80=A6 >>>> >>>> It is very important, but it has been painful work, which is why I am pu= tting this slightly more towards the end of my TODO list than I should. >>>> >>>> There is however not *that* much to do to get this finally over the line= . I believe that the RW stuff is mostly done. It will need a lot of bug fixin= g, but it should generally be complete. >>>> >>>> There is still the net-to-net stuff which I haven=E2=80=99t touched beca= use the code is more than difficult to read and handle. >>>> >>>> =E2=80=94=E2=80=94 >>>> >>>> The Perl module problem is probably something the OpenVPN branch inherit= ed from the then current next branch, but those problems have already been fi= xed. I also believe that some of the issues with starting the process have be= en fixed and should be in next. I think a lot of the problems with the OpenVP= N branch is that so many changes came out of it on the side that I started to= get them merged into mainline before the branch grows even larger. Sometimes= , I think, we lost the fixes from the actual OpenVPN branch. >>>> >>>> Therefore I have rebased the branch against next. That means that you wi= ll have to build it all again, but on the plus side, you will have all the bu= gs that next has, and maybe more from the OpenVPN branch. Hopefully some thin= gs would have resolved themselves. >>>> >>>> The branch is here: >>>> >>>> https://git.ipfire.org/?p=3Dpeople/ms/ipfire-2.x.git;a=3Dshortlog;h=3Dre= fs/heads/openvpn-2.6-meetup-rebased >>>> >>>> I did not build it myself, yet - the build is still running. It could be= that I broke even more stuff, but I would be interested to know if I did so,= that we finally can get this all ready for some sunny days. >>> >>> I have built it and installed it. The perl module issues have been resolv= ed. However the OpenVPN Server status and the client Invalid input are both s= till the same as before. So not fixed or even obviously changed from before t= he rebase. >>> >> I have figured out what the problem was for the status of the OpenVPN serv= er on the wui page. >> >> You changed the process name to openvpn-rw but in the ovpnmain.cgi at line= 5066-5067 it still specifies the process name as openvpn and the pid file na= me as openvpn.pid. >> >> I changed the process name to openvpn-rw and the pid name to openvpn-rw.pi= d and the status is now working. >> >> So that part has been resolved. >> >> Just the client invalid input now. >> >> Regards, >> >> Adolf. >> >>>> >>>> Please send me your patch with the updated version of OpenVPN so that I = can merge it into this branch and we are all testing with the latest version. >>> >>> I will send it later today. >>> >>>> >>>> Let=E2=80=99s get this build started and then we will look what is causi= ng the invalid input problems=E2=80=A6 >>> >>> The message invalid input is used three times in the ovpnmain.cgi file bu= t I can't figure out from those what the message would be caused by. >>> >>> Regards, >>> Adolf. >>> >>>> >>>> -Michael >>>> >>>>> On 6 Dec 2024, at 18:13, Adolf Belka wrote: >>>>> >>>>> Hi Michael, >>>>> >>>>> I did a fresh new clone of the openvpn-2.6-meetup branch and built it w= ith only uncommenting the Compress/Raw/Zlib.pm >>>>> >>>>> I then installed it onto a vm and tested it out. The same issues are pr= esent as before so it is not a problem of the repo clone that I had. >>>>> >>>>> Basically the OpenVPN RW server can be started and using the openvpnctr= l program the status says it is running and shows the pid but the WUI still s= ays that it is Stopped. >>>>> >>>>> Also any client connection creation shows up with Invalid input, even w= ith client connections that work with CU189. >>>>> >>>>> Regards, >>>>> >>>>> Adolf. >>>>> >>>>> On 06/12/2024 12:59, Adolf Belka wrote: >>>>>> Hi Michael, >>>>>> >>>>>> So I did a pull of the openvpn-2.6-meetup branch from your repo. I not= iced that it was using OpenVPN-2.6.9 and 2.6.12 is available now so I updated= the openvpn to 2.6.12 and did a build. >>>>>> >>>>>> Then I installed the created iso and the OpenVPN WUI page came up with= an Internal Server Error. >>>>>> >>>>>> The logs indicated that it couldn't find the Compress::Raw::Zlib perl = module. >>>>>> >>>>>> That was one of the separate perl modules removed from the system beca= use they were now in the core. >>>>>> >>>>>> I checked the perl rootfile on the openvpn-2.6.meetup branch and it ha= d the >>>>>> >>>>>> usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zli= b.pm line commented out. >>>>>> >>>>>> So I uncommented that line in the rootfile and rebuilt the branch and = now the OpenVPN WUI page was shown okay. >>>>>> >>>>>> However when I tried to create a client connection I kept getting an "= Oops something went wrong Invalid input" message but it didn't say what was i= nvalid. >>>>>> >>>>>> I then restored a backup with my existing OpenVPN root/host and client= settings and using the pencil icon to go into edit mode for one of the known= working client connections when I just pressed the Save button without chang= ing anything it again gave me the Invalid input message. >>>>>> >>>>>> The other issue I found was that the OpenVPN Server page was constantl= y showing Stopped. >>>>>> >>>>>> At this point I did a rebuild of the openvpn-2.6-meetup branch with th= e previous 2.6.9 OpenVPN but the same as above occurred, again with a fresh c= lient connection creation or with the restored known working client connectio= ns. >>>>>> >>>>>> I then tried to start the openvpn from the command line to see what me= ssages it cam up with. >>>>>> >>>>>> I tried first of all using the restart command and got >>>>>> >>>>>> /usr/local/bin/openvpnctrl rw restart >>>>>> Stopping OpenVPN Authenticator...=C2=A0=C2=A0=C2=A0 Not running.=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ WARN ] >>>>>> Stopping OpenVPN Roadwarrior Server... [ FAIL ] >>>>>> Starting OpenVPN Roadwarrior Server... >>>>>> Unable to continue: /var/run/openvpn-rw.pid exists=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ WARN ] >>>>>> Starting OpenVPN Authenticator... [=C2=A0 OK=C2=A0 ] >>>>>> >>>>>> so I checked and the openvpn-rw.pid file was present. So I then remove= d that file and ran the status command >>>>>> >>>>>> /usr/local/bin/openvpnctrl rw status >>>>>> /usr/sbin/openvpn is not running. >>>>>> >>>>>> Then I ran the start command >>>>>> >>>>>> /usr/local/bin/openvpnctrl rw start >>>>>> Starting OpenVPN Roadwarrior Server... [ OK=C2=A0 ] >>>>>> Starting OpenVPN Authenticator... [=C2=A0 OK=C2=A0 ] >>>>>> >>>>>> So tried the status command again >>>>>> >>>>>> /usr/local/bin/openvpnctrl rw status >>>>>> openvpn is running with Process ID(s)=C2=A0 6883. >>>>>> >>>>>> So good the server is running but when I looked at the OpenVPN WUI pag= e it still showed Stopped, also on the Services page. >>>>>> >>>>>> I then pressed the Save button on the OpenVPN WUI=C2=A0 main page and = then checked the status again and got >>>>>> >>>>>> /usr/local/bin/openvpnctrl rw status >>>>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists. >>>>>> >>>>>> So doing the save caused the server to stop but leave the pid in place. >>>>>> >>>>>> >>>>>> So I am not sure what has changed between our meetup and what I am bui= lding now. As far as I can tell from the branch in the repo, nothing has chan= ged since 23rd Sept. >>>>>> >>>>>> Maybe how I have done the pull of the repo is incorrect in some way an= d I am ending up in some mixed up situation but as it stands I definitely can= not test anything. >>>>>> >>>>>> I will try creating a complete new copy of that branch on my system to= see if anything gets better but I am also open to any suggestions of what I = might have done wrong. >>>>>> >>>>>> >>>>>> Regards, >>>>>> >>>>>> Adolf >>>>>> >>>> >>> --===============8495849085102274990==--