| Summary: | Fixes for OpenVPN N2N Version 2 | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Erik Kapfer <ummeegge> |
| Component: | openvpn | Assignee: | Erik Kapfer <ummeegge> |
| Status: | CLOSED FIXED | QA Contact: | |
| Severity: | - Unknown - | ||
| Priority: | - Unknown - | CC: | michael.tremer |
| Version: | 2 | ||
| Hardware: | all | ||
| OS: | Linux | ||
| Bug Depends on: | 10162 | ||
| Bug Blocks: | |||
| Attachments: |
Changing the OpenVPN N2N colours to origin on index.cgi
Attached is a fix for the bug that prevent the routes to be deleted. Feel free to test and comment this Patch for the language files directory sort VPN list on index.cgi patch for ovpnmain.cgi ovpnmain.cgi patch for ccd rootfile patch for ccd lfs patch for ccd |
||
|
Description
Erik Kapfer
2012-05-24 10:28:46 UTC
(In reply to comment #0) > The first patch i have made is to give the index.cgi the origin colour (the > same then for the roadwarrior) for OpenVPN N2N connections on IPFire. At this > time the colour is stated in IPSec colour, so i made a patch to change this. Very good decision. Created attachment 31 [details]
Attached is a fix for the bug that prevent the routes to be deleted. Feel free to test and comment this
Both patches have been merged: http://git.ipfire.org/?p=ipfire-2.x.git;a=shortlog;h=8e148dc343c0a313568cc8a8c140090f93817b23 Please test. Created attachment 32 [details]
Patch for the language files directory
Comment on attachment 32 [details]
Patch for the language files directory
I have made a patch for the translation files in /var/ipfire/langs . The following lines where added:
'ovpn routes push options' => 'Route push options',
'ovpn routes push' => 'Routes (one per line):',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
This lines where translated from german to english, to french (thanks to cloonn) and to russian (thnaks to CompWorm). Polish and spanish haven´t be translated until now, so i filled these language files for the first with english content.
Created attachment 47 [details]
sort VPN list on index.cgi
Regarding to a thread in the forum, i want to deliver two patches from the user wku. I have separated the OpenVPN changes from the IPSec CA changes, cause there where some open questions.
So this patches should sort the VPN connection lists by the Name on index.cgi and ovpnmain.cgi also there should be a fix for the sign of the host certificate request.
Created attachment 48 [details]
patch for ovpnmain.cgi
I have added 3 patches to implement the functions of the client-config-dir for the Roadwarrior. With ccd is it possible to assign static IP´s to the clients over the ifconfig-push directive. So client specific rules and access policies over IPTables can be made over a user text file located under the ccd directory. Also an internal OpenVPN routing over the "iroute" directive, "redirect-gateway" and "push route" commands can be done for each client individually. The ccd direktive works by apply a text file into the ccd directory with the identic name then the common name of the certificate. If there are no text file for a respective client (or in general no text files in ccd), OpenVPN works as usual with the server.conf file and ignores the client-config-dir entry in the server.conf. client-config-dir explanation on OpenVPN --> http://openvpn.net/index.php/open-source/documentation/howto.html#policy . Created attachment 50 [details]
ovpnmain.cgi patch for ccd
Created attachment 51 [details]
rootfile patch for ccd
Created attachment 52 [details]
lfs patch for ccd
Feedback on the Telnet.pm problem: I cannot understand what the problem is, because if you write "use Net::Telnet" into your CGI scripts the module is properly found. The location of the file is the right one. Should I merge the other patches regarding CCD or do they need some more testing? Hi Michael, Telnet.pm: thanks for figuring that out, so the error report which i become was may because of not resaving the connections after the update. CCD: For me it works quiet round since a couple of weeks now with the changes i deliver. The only thing i´am not quiet sure about what the best is it to give the ccd directory root.root or better nobody.nobody ? What du you think ? 3 more things: 1) The connections.cgi doesn´t display the N2N colors --> https://bugzilla.ipfire.org/show_bug.cgi?id=10162 . 2) After a connection stop the routes and IP´s aren´t deleted correctly by OpenVPN cause the lower permissions privilege for the user nobody --> http://forum.ipfire.org/index.php?topic=6073.0 . 3) The connection state in index.cgi and ovpnmain.cgi stops by the red marked "Auth" but in fact the connection are established, to see a green marked "connected" there is the need to refresh the page. Also i haven´t heared about other testing response from users for this changes (only from WhyTea a very short one), so i confirm to thing about if it is a good idea to release this. Nevertheless for me the changes works good, except of the above mentioned probs. Greetings Erik All changes have been released with Core 61 |