Hi Michael,
On 07/12/2024 15:29, Adolf Belka wrote:
Hi Michael,
I should have waited before sending my last reply. Now that the status is showing correctly, if I uncheck the enabled box for the OpenVPN Server and press the Save button it re-checks the Enabled checkbox. So now that it shows the status as Running, I can't stop it now :-))
I'll see if I can figure out why it is doing that.
I haven't been able to figure out why it is happening yet but I have noticed that any checkboxes that are unchecked stay like that but once you check a check box then it always stays checked. I found that on the Advanced Settings page. The TLS option is checked by default and it cannot be unchecked. Once I checked the mssfix and Push Default Route checkboxes and saved the settings then those checkboxes can no longer be unchecked.
So there is some problem in the logic of the checkbox setting in the ovpnmain.cgi that needs to be fixed.
Regards,
Adolf.
Regards,
Adolf.
On 07/12/2024 15:23, Adolf Belka wrote:
Hi Michael,
On 07/12/2024 15:11, Adolf Belka wrote:
Hi Michael,
On 06/12/2024 21:11, Michael Tremer wrote:
Hello Adolf,
Thanks for testing this and finally getting some traction back into this project…
It is very important, but it has been painful work, which is why I am putting this slightly more towards the end of my TODO list than I should.
There is however not *that* much to do to get this finally over the line. I believe that the RW stuff is mostly done. It will need a lot of bug fixing, but it should generally be complete.
There is still the net-to-net stuff which I haven’t touched because the code is more than difficult to read and handle.
——
The Perl module problem is probably something the OpenVPN branch inherited from the then current next branch, but those problems have already been fixed. I also believe that some of the issues with starting the process have been fixed and should be in next. I think a lot of the problems with the OpenVPN branch is that so many changes came out of it on the side that I started to get them merged into mainline before the branch grows even larger. Sometimes, I think, we lost the fixes from the actual OpenVPN branch.
Therefore I have rebased the branch against next. That means that you will have to build it all again, but on the plus side, you will have all the bugs that next has, and maybe more from the OpenVPN branch. Hopefully some things would have resolved themselves.
The branch is here:
https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=shortlog;h=refs/heads/o...
I did not build it myself, yet - the build is still running. It could be that I broke even more stuff, but I would be interested to know if I did so, that we finally can get this all ready for some sunny days.
I have built it and installed it. The perl module issues have been resolved. However the OpenVPN Server status and the client Invalid input are both still the same as before. So not fixed or even obviously changed from before the rebase.
I have figured out what the problem was for the status of the OpenVPN server on the wui page.
You changed the process name to openvpn-rw but in the ovpnmain.cgi at line 5066-5067 it still specifies the process name as openvpn and the pid file name as openvpn.pid.
I changed the process name to openvpn-rw and the pid name to openvpn-rw.pid and the status is now working.
So that part has been resolved.
Just the client invalid input now.
Regards,
Adolf.
Please send me your patch with the updated version of OpenVPN so that I can merge it into this branch and we are all testing with the latest version.
I will send it later today.
Let’s get this build started and then we will look what is causing the invalid input problems…
The message invalid input is used three times in the ovpnmain.cgi file but I can't figure out from those what the message would be caused by.
Regards, Adolf.
-Michael
On 6 Dec 2024, at 18:13, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
I did a fresh new clone of the openvpn-2.6-meetup branch and built it with only uncommenting the Compress/Raw/Zlib.pm
I then installed it onto a vm and tested it out. The same issues are present as before so it is not a problem of the repo clone that I had.
Basically the OpenVPN RW server can be started and using the openvpnctrl program the status says it is running and shows the pid but the WUI still says that it is Stopped.
Also any client connection creation shows up with Invalid input, even with client connections that work with CU189.
Regards,
Adolf.
On 06/12/2024 12:59, Adolf Belka wrote:
Hi Michael,
So I did a pull of the openvpn-2.6-meetup branch from your repo. I noticed that it was using OpenVPN-2.6.9 and 2.6.12 is available now so I updated the openvpn to 2.6.12 and did a build.
Then I installed the created iso and the OpenVPN WUI page came up with an Internal Server Error.
The logs indicated that it couldn't find the Compress::Raw::Zlib perl module.
That was one of the separate perl modules removed from the system because they were now in the core.
I checked the perl rootfile on the openvpn-2.6.meetup branch and it had the
usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib.pm line commented out.
So I uncommented that line in the rootfile and rebuilt the branch and now the OpenVPN WUI page was shown okay.
However when I tried to create a client connection I kept getting an "Oops something went wrong Invalid input" message but it didn't say what was invalid.
I then restored a backup with my existing OpenVPN root/host and client settings and using the pencil icon to go into edit mode for one of the known working client connections when I just pressed the Save button without changing anything it again gave me the Invalid input message.
The other issue I found was that the OpenVPN Server page was constantly showing Stopped.
At this point I did a rebuild of the openvpn-2.6-meetup branch with the previous 2.6.9 OpenVPN but the same as above occurred, again with a fresh client connection creation or with the restored known working client connections.
I then tried to start the openvpn from the command line to see what messages it cam up with.
I tried first of all using the restart command and got
/usr/local/bin/openvpnctrl rw restart Stopping OpenVPN Authenticator... Not running. [ WARN ] Stopping OpenVPN Roadwarrior Server... [ FAIL ] Starting OpenVPN Roadwarrior Server... Unable to continue: /var/run/openvpn-rw.pid exists [ WARN ] Starting OpenVPN Authenticator... [ OK ]
so I checked and the openvpn-rw.pid file was present. So I then removed that file and ran the status command
/usr/local/bin/openvpnctrl rw status /usr/sbin/openvpn is not running.
Then I ran the start command
/usr/local/bin/openvpnctrl rw start Starting OpenVPN Roadwarrior Server... [ OK ] Starting OpenVPN Authenticator... [ OK ]
So tried the status command again
/usr/local/bin/openvpnctrl rw status openvpn is running with Process ID(s) 6883.
So good the server is running but when I looked at the OpenVPN WUI page it still showed Stopped, also on the Services page.
I then pressed the Save button on the OpenVPN WUI main page and then checked the status again and got
/usr/local/bin/openvpnctrl rw status /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists.
So doing the save caused the server to stop but leave the pid in place.
So I am not sure what has changed between our meetup and what I am building now. As far as I can tell from the branch in the repo, nothing has changed since 23rd Sept.
Maybe how I have done the pull of the repo is incorrect in some way and I am ending up in some mixed up situation but as it stands I definitely cannot test anything.
I will try creating a complete new copy of that branch on my system to see if anything gets better but I am also open to any suggestions of what I might have done wrong.
Regards,
Adolf