From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cDWZF6Rnfz30Qf for ; Sat, 30 Aug 2025 10:28:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cDWZB3xkyz2xMF for ; Sat, 30 Aug 2025 10:28:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cDWZ94588zX6; Sat, 30 Aug 2025 10:28:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1756549713; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F3q/3TOqbIvXbvbt/RwYPAGwo8PjJ0d/CKrJwxIpIHk=; b=73czHxYAIB61otQqwspkEJIxCNG9xjd5h/7r5x3Mijgoe9Ie3m+jdI7Zan36VNLC5+GzhK x0oUrCvaRSQEr/Bw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1756549713; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F3q/3TOqbIvXbvbt/RwYPAGwo8PjJ0d/CKrJwxIpIHk=; b=kW+UjxUxtPMLBESOKgY/WuWTFmPBlwT4tMoPzv3H7K6iLi0SlhKAi67dOJRAHpxNuGC1aF sKFWh5k1HH4mwOpx2iM7wCVayqTnGq2wHxfBnOfmhXoFMNpcPaqQyQ+Xq1AtoKjpVMaw6o ph3mVLax3knxqFl1oV1oQLY1g/LVRdNR5z5zSeuoyuMwRvmw5uczd3GEvbs907PeFLiIzh 8ALF6SE4wEyPORDWQycZ4ySUnTqgzGJCOMxO+fQJYGzMRABVETEtc0uccHCbael06Ou2tu PYZWpQiobGsYG4EVPKgwuch66s3du5PKPjVjNM6tWLdbnVKFq4oi8ogHpBLi1w== Message-ID: Date: Sat, 30 Aug 2025 12:28:30 +0200 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: Problem with push routes when updating a CU196 openvpn to CU197 From: Adolf Belka To: Michael Tremer Cc: "IPFire: Development-List" References: <76a9ee78-65ac-4117-b196-820580448ed8@ipfire.org> <57cad6ea-c25a-4153-9b90-122c26c883c3@ipfire.org> Content-Language: en-GB In-Reply-To: <57cad6ea-c25a-4153-9b90-122c26c883c3@ipfire.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Michael, On 30/08/2025 12:10, Adolf Belka wrote: > Hi Michael, > > On 29/08/2025 23:51, Michael Tremer wrote: >> Hello, >> >> This was probably introduced in this commit: >> >>    https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=460942d7ed28ebf8c7727faa6321b63ee1c56964 >> >> It is supposed to read the routes_push file and write it to /var/ipfire/ovpn/settings. >> >> This should happen whenever the CGI script is being called and does not even require that any configuration is being rewritten. Looking quickly through the code it seems to me that the read_routepushfile subroutine, which updates the ROUTES_PUSH from the old routes_push file if it exists, is executed in the writeserverconf subroutine but it only gets executed if the save button on the first page or on the advanced settings pages is pressed. I pressed the Save Advanced Settings to get it updates but the code looks like it will also do it for the Save button on the main page (I will test that just to confirm). It looks to me like just running the CGI script will not run the writeserverconf subroutine. Regards, Adolf. >> >> Can you confirm that nothing is in ROUTES_PUSH? > > Yes, I can confirm that entry in the settings file is empty. > > Regards, > > Adolf. > >> >> Best, >> -Michael >> >>> On 29 Aug 2025, at 19:50, Adolf Belka wrote: >>> >>> Hi All, >>> >>> On 29/08/2025 19:05, Adolf Belka wrote: >>>> Hi All, >>>> I normally have not had any routes to be pushed specified on my openvpn connections. While investigating some other things I did some setups with routes specified in the CU196 server advanced settings. These were stored in the routes_push file and defined in the server.conf file. >>>> When I did an update to CU197 I found that the routes were specified in the routes_push file but no longer in the server.conf file. They were also not in the ROUTES_PUSH entry in the settings file. >>>> I then went into the Advanced Settings page on the CU197 and the routes were in the push routes entry box but separated by a blank line. >>>> I then pressed the Save Advanced Settings button and now the routes were in the server.conf and settings files and were in the advanced settings page without any blank lines between them. >>>> So something is not being fully completed when doing an update from a CU196 server with push routes specified and it requires the advanced settings to be saved to get everything updated as it should be. >>>> I suspect that a similar thing might happen if a CU196 backup with push routes is restored into a CU197 system but I haven't tested this yet. I will feedback what I find when I do that. >>> >>> I can confirm that the same thing happens when a CU196 backup with push routes specified does the same thing as described above and requires the Save Advanced Settings button to be pressed to put everything in the right files. >>> >>> Regards, >>> >>> Adolf. >>> >>>> Should I create a bug report for this? >>>> Regards, >>>> Adolf. >>> >>> >> >