Bug 10323

Summary:	OpenVPN: Green route not added. core 66 (and 65?)
Product:	IPFire	Reporter:	Tobias Meyer <tm>
Component:	openvpn	Assignee:	Stefan Schantl <stefan.schantl>
Status:	CLOSED FIXED	QA Contact:
Severity:	Minor Usability
Priority:	Will only affect a few users	CC:	michael.tremer, stefan.schantl
Version:	2
Hardware:	i686
OS:	Unspecified

Description Tobias Meyer 2013-02-28 20:53:09 UTC

In /srv/web/ipfire/cgi-bin/ovpnmain.cgi the line 355 has been commented out, so the route to the green interface is no longer pushed.

Additionally I cannot add the green interface to the routes in "advanced server options" because it gives the error message "Route for green network is always set"

This renders OpenVPN unfunctional unless people manually add the route.

Comment 1 Tobias Meyer 2013-02-28 21:02:06 UTC

I just found the extra files in the ccd subdirectory.

But they are not used when I log in.

I suspect an issue with blanks in the directory structure, because the one person without blank between firstname and lastname did not report problems.

Structure of the files is:

[root@router ovpn]# ls -al /var/ipfire/ovpn/ccd
-rw-r--r-- 1 nobody nobody  188 2013-02-04 07:46 Firstname Lastname
-rw-r--r-- 1 nobody nobody  188 2013-02-04 07:46 OtherUser


User "Lastname Firstname" does not work
User "OtherUser" did not report problems

Comment 2 Tobias Meyer 2013-02-28 21:16:58 UTC

Update2:

Fixed the issue by manually going into each user (edit) and saving.

This populated the /var/ipfire/ovpn/ccdroute2 file and created some new files in /var/ipfire/ovpn/ccd (this time with "Firstname_Lastname" instead of "Firstname Lastname")

I can now connect even with line 355 commented out.

Comment 3 Michael Tremer 2013-03-01 13:59:41 UTC

Just to make it clear to me? What changes do you think need to be done in IPFire - if any?

Comment 4 Tobias Meyer 2013-03-01 14:46:27 UTC

Either one of:

1) The upgrade process would need to be patched, so people comming from earlier core versions will not be affected - may bee too late for that.

2) There should probably be a post-install script in one of the next core versions that automatically "re-saves" all persons in the openvpn list to fix the problem

Also: Some easy to find info about how to fix it.

I am a little confused that this did not hit more people - I would have suspected a bigger wave. We run a pretty basic setting and it simply broke for us by updating.
Maybe it is only triggered once the openvpn page is loaded or something in the server settings is changed - without editing the users.
Maybe we are the only ones having the real name with spaces in the user's remarks...

Comment 5 Stefan Schantl 2014-01-12 16:25:53 UTC

Problem will be fixed with Core 75. All required changes can be found here:

http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=33f297c92b917e9ffff0f18cbee5b0f2e5bd34cd

http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=4d5247bdd079493da9989941278d4172cde3bfbf

Comment 6 Stefan Schantl 2014-01-12 16:27:08 UTC

Fix (Testversion of Core 75) can be found in the Testing Tree.

Please test and report any problem or errors.

Thanks in advance.

-Stefan

Comment 7 Stefan Schantl 2014-01-12 20:26:03 UTC

Fix has been released with Core Update 75.