Fixes: #12529
- If a client N2N configuration will be imported into IPFire systems, a line will be added which calls the --up script to restart the static route initscript. Since this is IPFire specific, it will only be added via import on IPFire system.
- Deleted unneeded line in CLIENTCONF section.
- Added description to SERVERCONF section.

Signed-off-by: ummeegge erik.kapfer@ipfire.org

---
html/cgi-bin/ovpnmain.cgi | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8626a94ca..44cb48996 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -953,6 +953,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; + print SERVERCONF "# Call up script for static routes\n"; print SERVERCONF "up "/etc/init.d/static-routes start"\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; @@ -1052,7 +1053,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; - print CLIENTCONF "up "/etc/init.d/static-routes start"\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "#Logfile for statistics\n"; @@ -3333,6 +3333,12 @@ END print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n"; close FILE;
+ # Add static route command to client configuration + open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.'; + print FILE "# Call up script for static routes\n"; + print FILE "up "/etc/init.d/static-routes start"\n"; + close FILE; + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
if ($? ne 0) {
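Review bot: In the SERVERCONF hunk (@@ -953), the new comment says only "Call up script for static routes", but the `up "/etc/init.d/static-routes start"` line it documents is run by OpenVPN with its own positional arguments appended after `start` (device, MTUs, local and remote address, `init` or `restart`), as the log line later in this thread shows. Either say so in the generated comment, or point `up` at a small wrapper that drops those arguments so the initscript is always called with `start` alone.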
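Review bot: In the import hunk (@@ -3333), `open(FILE, ">> $tempdir/$uplconffilename")` is a two-argument open on a bareword handle with the file name interpolated into the mode string; use the three-argument form with a lexical handle, `open(my $fh, '>>', "$tempdir/$uplconffilename")`, and include `$!` in the die message. The append is also unconditional: a client package generated before this change still carries the `up` line that the CLIENTCONF hunk removes, so importing it would leave two `up` directives in the file. Check for an existing one before appending.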
Hi all, during some testing with N2N ciphers, I recognized a strange behavior with this patch, the 'up /etc/init.d/static-routes start' command, but only with client connections. The complete network went down while starting the connection and nothing was reachable anymore. The last line in messages was
Nov 25 23:53:21 ipfire-prime testcryptn2n[12261]: /etc/init.d/static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init
and from there on the screen freezes. The WUI was not reachable anymore and SSH delivers a
ssh: connect to host 192.168.123.1 port 222: No route to host
I have had no problems with the N2N TLS-Server, which starts without problems, but the N2N TLS-Client crashed the whole network/routing, even if no static route has been defined.
I am not sure what causes this, but I would strongly recommend reverting this patch from origin/next!!!
Maybe someone else can check this patch too?
Best regards,
Erik
On Wednesday, 11.11.2020, 18:12 +0000, ummeegge wrote:
Fixes: #12529
- If a client N2N configuration will be imported into IPFire systems, a line will be added which calls the --up script to restart the static route initscript. Since this is IPFire specific, it will only be added via import on IPFire system.
- Deleted unneeded line in CLIENTCONF section.
- Added description to SERVERCONF section.
Signed-off-by: ummeegge erik.kapfer@ipfire.org
html/cgi-bin/ovpnmain.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8626a94ca..44cb48996 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -953,6 +953,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; + print SERVERCONF "# Call up script for static routes\n"; print SERVERCONF "up "/etc/init.d/static-routes start"\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; @@ -1052,7 +1053,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; - print CLIENTCONF "up "/etc/init.d/static-routes start"\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "#Logfile for statistics\n"; @@ -3333,6 +3333,12 @@ END print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n"; close FILE; + # Add static route command to client configuration + open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.'; + print FILE "# Call up script for static routes\n"; + print FILE "up "/etc/init.d/static-routes start"\n"; + close FILE;
move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); if ($? ne 0) {
Hi,
interesting. We should have seen this before then because this parameter was added to the configuration file ages ago.
Is there a chance that OpenVPN has changed the parameters those scripts are called with?
No matter what, we will need a wrapper script that will accept all those parameters, probably not care much about them and then call /etc/init.d/static-routes.
I will revert the patch for now then, so that we have some time to work on a solution.
Best, -Michael
On 26 Nov 2020, at 11:13, ummeegge ummeegge@ipfire.org wrote:
Hi all, during some testing with N2N ciphers, I recognized a strange behavior with this patch, the 'up /etc/init.d/static-routes start' command, but only with client connections. The complete network went down while starting the connection and nothing was reachable anymore. The last line in messages was
Nov 25 23:53:21 ipfire-prime testcryptn2n[12261]: /etc/init.d/static-routes start tun1 1500 1573 10.123.123.2 10.123.123.1 init
and from there on the screen freezes. The WUI was not reachable anymore and SSH delivers a
ssh: connect to host 192.168.123.1 port 222: No route to host
I have had no problems with the N2N TLS-Server, which starts without problems, but the N2N TLS-Client crashed the whole network/routing, even if no static route has been defined.
I am not sure what causes this, but I would strongly recommend reverting this patch from origin/next!!!
Maybe someone else can check this patch too?
Best regards,
Erik
On Wednesday, 11.11.2020, 18:12 +0000, ummeegge wrote:
Fixes: #12529
- If a client N2N configuration will be imported into IPFire systems, a line will be added which calls the --up script to restart the static route initscript. Since this is IPFire specific, it will only be added via import on IPFire system.
- Deleted unneeded line in CLIENTCONF section.
- Added description to SERVERCONF section.
Signed-off-by: ummeegge erik.kapfer@ipfire.org
html/cgi-bin/ovpnmain.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8626a94ca..44cb48996 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -953,6 +953,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
- print SERVERCONF "# Call up script for static routes\n"; print SERVERCONF "up "/etc/init.d/static-routes start"\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n";
@@ -1052,7 +1053,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
- print CLIENTCONF "up "/etc/init.d/static-routes start"\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "#Logfile for statistics\n";
@@ -3333,6 +3333,12 @@ END print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n"; close FILE;
# Add static route command to client configuration
open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to
open config file.';
print FILE "# Call up script for static routes\n";
print FILE "up \"/etc/init.d/static-routes start\"\n";
close FILE;
move("$tempdir/$uplconffilename",
"${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
if ($? ne 0) {
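
The wrapper Michael describes in his reply could look like the following. This is an added example, not IPFire's script or code from this thread; the `INITSCRIPT` override and the `openvpn-up` logger tag are assumptions, and the argument order is the one visible in the log line quoted above.

```shell
#!/bin/sh
# Hypothetical wrapper for the OpenVPN "up" hook (added example, not IPFire code).
# OpenVPN appends positional arguments to the configured up command; for a tun
# device, as in the log line in this thread, they are:
#   tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip init|restart

# Assumption: INITSCRIPT may be overridden so the wrapper can be tried offline.
INITSCRIPT="${INITSCRIPT:-/etc/init.d/static-routes}"

# Render the arguments OpenVPN passed as one log-friendly line.
describe_args() {
    printf 'dev=%s tun_mtu=%s link_mtu=%s local=%s remote=%s context=%s' \
        "${1:-?}" "${2:-?}" "${3:-?}" "${4:-?}" "${5:-?}" "${6:-?}"
}

# Log the arguments, forward none of them, run the initscript with "start" only.
up_wrapper() {
    msg="static-routes up hook: $(describe_args "$@")"
    if command -v logger >/dev/null 2>&1; then
        logger -t openvpn-up "$msg" 2>/dev/null || true
    fi
    if [ ! -x "$INITSCRIPT" ]; then
        echo "up hook: $INITSCRIPT is missing or not executable" >&2
        return 1
    fi
    # Nothing from "$@" reaches the initscript.
    "$INITSCRIPT" start
}

# OpenVPN exports script_type=up when it runs the up hook; act only then,
# so sourcing this file for inspection has no side effects.
if [ "${script_type:-}" = "up" ]; then
    up_wrapper "$@"
    exit $?
fi
```
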