Hi Michael,
I did a fetch of the latest status of the OpenVPN-2.6 branch in your repo and then ran a build on it and did a fresh install with the iso that was created.
I then created the root/host x509 certificate set with no problems.
Created a Static IP Address pool. One thing I found here was that after creating it I could choose the edit function and modify the Name but the subnet could not be modified. I had to delete the existing version and start again to get the correct subnet. I had made an error in the number I chose so that was why I was trying to edit it.
Went into the Advanced settings and enabled the TLS Channel Protection and added entries into the DHCP Settings section for the Domain and DNS. Then pressed Save.
Then I created a Client Connection. The file icon I saw now is only a .ovpn file with the certificates embedded into the .ovpn. A point I noticed is that if you put the mouse over the hard disk icon it still says "Download Encrypted Client Package (zip)".
After creating the client connection the Server started when I pressed the Save button in the Roadwarrior Settings section.
I then installed the client .ovpn into my laptop's Network Manager OpenVPN plugin and the connection was successfully made.
However, I have noticed that if I then go to the Advanced Server and press the Save Advanced Settings button, whether something has been modified or not, the Server stops and will not restart.
Checking the status on the CLI, the message came back that the server was not running but the pid was present.
If I deleted the pid then the server would start again. Running /etc/rc.d/init.d/openvpn-rw reload results in an OK message but running the status command then gives the message that openvpn is not running but openvpn.pid exists so it looks like the reload command is not executing correctly.
In the WUI System Logs OpenVPN section the following was shown.
IPFire diagnostics
Section: openvpn
Date: April 15, 2024
18:46:59 openvpnserver[12829]: Use --help for more information.
18:46:59 openvpnserver[12829]: Options error: Please correct these errors.
18:46:59 openvpnserver[12829]: Options error: --status fails with '/var/run/ovpnserver.log': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: Options error: --writepid fails with '/var/run/openvpn.pid': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
18:46:59 openvpnserver[12829]: SIGHUP[hard,] received, process restarting
18:46:59 openvpnserver[12829]: Linux ip addr del failed: external program exited with error status: 2
18:46:59 openvpnserver[12829]: /sbin/ip addr del dev tun0 10.202.247.1/24
18:46:59 openvpnserver[12829]: Closing TUN/TAP interface
18:46:59 openvpnserver[12829]: ERROR: Linux route delete command failed
18:46:59 openvpnserver[12829]: ERROR: Linux route delete command failed: external program exited with error status: 2
18:46:59 openvpnserver[12829]: /sbin/ip route del 10.110.26.0/24
18:46:59 openvpnserver[12829]: event_wait : Interrupted system call (fd=-1,code=4)
This looks like the reload is resulting in a SIGHUP[hard,] causing the process to restart but without having properly removed the pid file.
There is also the message about the ovpnserver.log. I did not touch that file, and after removing the pid file the server restarts and the system logs OpenVPN log has no mention about that log file in it.
Let me know if you need any other information and I will provide it.
Regards,
Adolf
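
The following is an added triage example, not part of the original message and not IPFire or OpenVPN code. It checks for the symptom reported above (pid file present but no process) and lists which options hit "Permission denied" around the SIGHUP restart. The function names are hypothetical, and the sample log lines are copied from the report.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of IPFire or OpenVPN.

# pid_state FILE -> prints "missing", "running" or "stale"
pid_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    pid=$(tr -cd '0-9' < "$1")
    # kill -0 can fail with EPERM for another user's process, so also check /proc
    if [ -n "$pid" ] && { kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; }; then
        echo running
    else
        echo stale
    fi
}

# denied_paths < LOG -> one "option path" line per errno=13 options error
denied_paths() {
    sed -n "s/.*Options error: \(--[a-z-]*\) fails with '\([^']*\)': Permission denied.*/\1 \2/p"
}

# saw_sighup < LOG -> exit status 0 if the log records a SIGHUP restart
saw_sighup() {
    grep -q 'SIGHUP\[.*] received, process restarting'
}

# Log lines copied from the report above
sample_log() {
cat <<'EOF'
18:46:59 openvpnserver[12829]: Options error: --status fails with '/var/run/ovpnserver.log': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: Options error: --writepid fails with '/var/run/openvpn.pid': Permission denied (errno=13)
18:46:59 openvpnserver[12829]: SIGHUP[hard,] received, process restarting
EOF
}

# report PIDFILE < LOG -> one-line summary of pid file state and denied options
report() {
    log=$(cat)
    state=$(pid_state "$1")
    denied=$(printf '%s\n' "$log" | denied_paths | tr '\n' ';')
    if printf '%s\n' "$log" | saw_sighup; then hup=yes; else hup=no; fi
    echo "pidfile=$state sighup=$hup denied=$denied"
}

# Usage with the pid file path from the log above (log file name is a placeholder):
#   report /var/run/openvpn.pid < exported-openvpn-log.txt
```

A result of `pidfile=stale sighup=yes` with a non-empty `denied=` list matches the behaviour described in the message.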