Hi all,
during some testing with N2N ciphers, I noticed a strange behavior with this patch, the 'up /etc/init.d/static-routes start' command, but only with client connections. The complete network went down while starting the connection and nothing was reachable anymore. The last line in messages was
Nov 25 23:53:21 ipfire-prime testcryptn2n[12261]: /etc/init.d/static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init
and from there on the screen freezes. The WUI was not reachable anymore and SSH delivers a
ssh: connect to host 192.168.123.1 port 222: No route to host
I have had no problems with the N2N TLS-Server, which starts without problems, but the N2N TLS-Client crashed the whole network/routing, even if no static route has been defined.
I am not sure what causes this, but I would strongly recommend reverting this patch from origin/next!!!
Maybe someone else can check this patch too?
Best regards,
Erik
On Wednesday, 11.11.2020, at 18:12 +0000, ummeegge wrote:
Fixes: #12529
- If a client N2N configuration is imported into IPFire systems,
a line will be added which calls the --up script to restart the static route initscript. Since this is IPFire specific, it will only be added via import on IPFire systems.
- Deleted unneeded line in CLIENTCONF section.
- Added description to SERVERCONF section.
Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
html/cgi-bin/ovpnmain.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8626a94ca..44cb48996 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -953,6 +953,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; + print SERVERCONF "# Call up script for static routes\n"; print SERVERCONF "up "/etc/init.d/static-routes start"\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; @@ -1052,7 +1053,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; - print CLIENTCONF "up "/etc/init.d/static-routes start"\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "#Logfile for statistics\n"; @@ -3333,6 +3333,12 @@ END print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n"; close FILE; + # Add static route command to client configuration + open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.'; + print FILE "# Call up script for static routes\n"; + print FILE "up "/etc/init.d/static-routes start"\n"; + close FILE;
move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); if ($? ne 0) {
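Review bot: In the @@ -3333,6 +3333,12 hunk, the 'up' line is appended to every imported client configuration without checking whether the uploaded file already contains one. The @@ -1052,7 +1053,6 hunk removes that same line from the CLIENTCONF generator, so client configurations generated before this change still carry it, and importing one of them would leave the directive in the file twice. Suggest scanning the uploaded file for an existing 'up' line and appending only when it is absent. The added open(FILE, ">> $tempdir/$uplconffilename") also uses the two-argument form with an interpolated file name and a bareword handle; the three-argument form with a lexical handle, open(my $fh, '>>', "$tempdir/$uplconffilename"), keeps the mode separate from the name. Since 'die' in a CGI gives the user no usable message, reporting the failure through the page's normal error path would be preferable.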
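Review bot: In the @@ -1052,7 +1053,6 hunk, the removal of the 'up' line from CLIENTCONF is described in the commit message only as "unneeded", which does not tell a later reader that the directive is now expected to arrive through the import code added at the end of this patch. Suggest stating that dependency in the commit message or in a comment at the removal site, and saying what happens to client configurations that reach a system by any path other than that import, since as far as this patch shows they no longer get the static-routes call at all.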