From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Testing of openvpn-2.6-meetup branch
Date: Sat, 07 Dec 2024 15:29:08 +0100
Message-ID: <f1bbe966-e614-4bbc-b5d0-8b2064626938@ipfire.org>
In-Reply-To: <2cc3f4f9-0bee-4f21-839a-d819b467b779@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0938343624236590166=="
List-Id: <development.lists.ipfire.org>

--===============0938343624236590166==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,

I should have waited before sending my last reply. Now that the status is sho=
wing correctly, if I uncheck the enabled box for the OpenVPN Server and press=
 the Save button it re-checks the Enabled checkbox. So now that it shows the =
status as Running, I can't stop it now :-))

I'll see if I can figure out why it is doing that.

Regards,

Adolf.


On 07/12/2024 15:23, Adolf Belka wrote:
> Hi Michael,
>
> On 07/12/2024 15:11, Adolf Belka wrote:
>> Hi Michael,
>>
>> On 06/12/2024 21:11, Michael Tremer wrote:
>>> Hello Adolf,
>>>
>>> Thanks for testing this and finally getting some traction back into this =
project=E2=80=A6
>>>
>>> It is very important, but it has been painful work, which is why I am put=
ting this slightly more towards the end of my TODO list than I should.
>>>
>>> There is however not *that* much to do to get this finally over the line.=
 I believe that the RW stuff is mostly done. It will need a lot of bug fixing=
, but it should generally be complete.
>>>
>>> There is still the net-to-net stuff which I haven=E2=80=99t touched becau=
se the code is more than difficult to read and handle.
>>>
>>> =E2=80=94=E2=80=94
>>>
>>> The Perl module problem is probably something the OpenVPN branch inherite=
d from the then current next branch, but those problems have already been fix=
ed. I also believe that some of the issues with starting the process have bee=
n fixed and should be in next. I think a lot of the problems with the OpenVPN=
 branch is that so many changes came out of it on the side that I started to =
get them merged into mainline before the branch grows even larger. Sometimes,=
 I think, we lost the fixes from the actual OpenVPN branch.
>>>
>>> Therefore I have rebased the branch against next. That means that you wil=
l have to build it all again, but on the plus side, you will have all the bug=
s that next has, and maybe more from the OpenVPN branch. Hopefully some thing=
s would have resolved themselves.
>>>
>>> The branch is here:
>>>
>>> https://git.ipfire.org/?p=3Dpeople/ms/ipfire-2.x.git;a=3Dshortlog;h=3Dref=
s/heads/openvpn-2.6-meetup-rebased
>>>
>>> I did not build it myself, yet - the build is still running. It could be =
that I broke even more stuff, but I would be interested to know if I did so, =
that we finally can get this all ready for some sunny days.
>>
>> I have built it and installed it. The perl module issues have been resolve=
d. However the OpenVPN Server status and the client Invalid input are both st=
ill the same as before. So not fixed or even obviously changed from before th=
e rebase.
>>
> I have figured out what the problem was for the status of the OpenVPN serve=
r on the wui page.
>
> You changed the process name to openvpn-rw but in the ovpnmain.cgi at line =
5066-5067 it still specifies the process name as openvpn and the pid file nam=
e as openvpn.pid.
>
> I changed the process name to openvpn-rw and the pid name to openvpn-rw.pid=
 and the status is now working.
>
> So that part has been resolved.
>
> Just the client invalid input now.
>
> Regards,
>
> Adolf.
>
>>>
>>> Please send me your patch with the updated version of OpenVPN so that I c=
an merge it into this branch and we are all testing with the latest version.
>>
>> I will send it later today.
>>
>>>
>>> Let=E2=80=99s get this build started and then we will look what is causin=
g the invalid input problems=E2=80=A6
>>
>> The message invalid input is used three times in the ovpnmain.cgi file but=
 I can't figure out from those what the message would be caused by.
>>
>> Regards,
>> Adolf.
>>
>>>
>>> -Michael
>>>
>>>> On 6 Dec 2024, at 18:13, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> I did a fresh new clone of the openvpn-2.6-meetup branch and built it wi=
th only uncommenting the Compress/Raw/Zlib.pm
>>>>
>>>> I then installed it onto a vm and tested it out. The same issues are pre=
sent as before so it is not a problem of the repo clone that I had.
>>>>
>>>> Basically the OpenVPN RW server can be started and using the openvpnctrl=
 program the status says it is running and shows the pid but the WUI still sa=
ys that it is Stopped.
>>>>
>>>> Also any client connection creation shows up with Invalid input, even wi=
th client connections that work with CU189.
>>>>
>>>> Regards,
>>>>
>>>> Adolf.
>>>>
>>>> On 06/12/2024 12:59, Adolf Belka wrote:
>>>>> Hi Michael,
>>>>>
>>>>> So I did a pull of the openvpn-2.6-meetup branch from your repo. I noti=
ced that it was using OpenVPN-2.6.9 and 2.6.12 is available now so I updated =
the openvpn to 2.6.12 and did a build.
>>>>>
>>>>> Then I installed the created iso and the OpenVPN WUI page came up with =
an Internal Server Error.
>>>>>
>>>>> The logs indicated that it couldn't find the Compress::Raw::Zlib perl m=
odule.
>>>>>
>>>>> That was one of the separate perl modules removed from the system becau=
se they were now in the core.
>>>>>
>>>>> I checked the perl rootfile on the openvpn-2.6.meetup branch and it had=
 the
>>>>>
>>>>> usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib=
.pm line commented out.
>>>>>
>>>>> So I uncommented that line in the rootfile and rebuilt the branch and n=
ow the OpenVPN WUI page was shown okay.
>>>>>
>>>>> However when I tried to create a client connection I kept getting an "O=
ops something went wrong Invalid input" message but it didn't say what was in=
valid.
>>>>>
>>>>> I then restored a backup with my existing OpenVPN root/host and client =
settings and using the pencil icon to go into edit mode for one of the known =
working client connections when I just pressed the Save button without changi=
ng anything it again gave me the Invalid input message.
>>>>>
>>>>> The other issue I found was that the OpenVPN Server page was constantly=
 showing Stopped.
>>>>>
>>>>> At this point I did a rebuild of the openvpn-2.6-meetup branch with the=
 previous 2.6.9 OpenVPN but the same as above occurred, again with a fresh cl=
ient connection creation or with the restored known working client connection=
s.
>>>>>
>>>>> I then tried to start the openvpn from the command line to see what mes=
sages it cam up with.
>>>>>
>>>>> I tried first of all using the restart command and got
>>>>>
>>>>> /usr/local/bin/openvpnctrl rw restart
>>>>> Stopping OpenVPN Authenticator...=C2=A0=C2=A0=C2=A0 Not running.=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ WARN ]
>>>>> Stopping OpenVPN Roadwarrior Server...=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 [ FAIL ]
>>>>> Starting OpenVPN Roadwarrior Server...
>>>>> Unable to continue: /var/run/openvpn-rw.pid exists=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ WARN ]
>>>>> Starting OpenVPN Authenticator... [=C2=A0 OK=C2=A0 ]
>>>>>
>>>>> so I checked and the openvpn-rw.pid file was present. So I then removed=
 that file and ran the status command
>>>>>
>>>>> /usr/local/bin/openvpnctrl rw status
>>>>> /usr/sbin/openvpn is not running.
>>>>>
>>>>> Then I ran the start command
>>>>>
>>>>> /usr/local/bin/openvpnctrl rw start
>>>>> Starting OpenVPN Roadwarrior Server...=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 [ OK=C2=A0 ]
>>>>> Starting OpenVPN Authenticator... [=C2=A0 OK=C2=A0 ]
>>>>>
>>>>> So tried the status command again
>>>>>
>>>>> /usr/local/bin/openvpnctrl rw status
>>>>> openvpn is running with Process ID(s)=C2=A0 6883.
>>>>>
>>>>> So good the server is running but when I looked at the OpenVPN WUI page=
 it still showed Stopped, also on the Services page.
>>>>>
>>>>> I then pressed the Save button on the OpenVPN WUI=C2=A0 main page and t=
hen checked the status again and got
>>>>>
>>>>> /usr/local/bin/openvpnctrl rw status
>>>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
>>>>>
>>>>> So doing the save caused the server to stop but leave the pid in place.
>>>>>
>>>>>
>>>>> So I am not sure what has changed between our meetup and what I am buil=
ding now. As far as I can tell from the branch in the repo, nothing has chang=
ed since 23rd Sept.
>>>>>
>>>>> Maybe how I have done the pull of the repo is incorrect in some way and=
 I am ending up in some mixed up situation but as it stands I definitely cann=
ot test anything.
>>>>>
>>>>> I will try creating a complete new copy of that branch on my system to =
see if anything gets better but I am also open to any suggestions of what I m=
ight have done wrong.
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Adolf
>>>>>
>>>
>>

--===============0938343624236590166==--