Bug 10137 - Fixes for OpenVPN N2N Version 2
Summary: Fixes for OpenVPN N2N Version 2
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: openvpn
Version: 2
Hardware: all Linux
Assignee: Erik Kapfer
Depends on: 10162
Reported: 2012-05-24 10:28 UTC by Erik Kapfer
Modified: 2012-12-18 21:43 UTC

Attachments
Changing the OpenVPN N2N colours to origin on index.cgi (651 bytes, application/octet-stream)
2012-05-24 10:28 UTC, Erik Kapfer
Attached is a fix for the bug that prevents the routes from being deleted. Feel free to test and comment on this (546 bytes, application/octet-stream)
2012-05-24 15:29 UTC, Nico Prenzel
Patch for the language files directory (1021.60 KB, application/octet-stream)
2012-05-27 08:57 UTC, Erik Kapfer
sort VPN list on index.cgi (401 bytes, patch)
2012-06-17 12:13 UTC, Erik Kapfer
patch for ovpnmain.cgi (1.14 KB, patch)
2012-06-17 12:14 UTC, Erik Kapfer
ovpnmain.cgi patch for ccd (524 bytes, patch)
2012-06-18 10:44 UTC, Erik Kapfer
rootfile patch for ccd (289 bytes, patch)
2012-06-18 10:44 UTC, Erik Kapfer
lfs patch for ccd (540 bytes, patch)
2012-06-18 10:45 UTC, Erik Kapfer

Description Erik Kapfer 2012-05-24 10:28:46 UTC
Created attachment 30 [details]
Changing the OpenVPN N2N colours to origin on index.cgi

Regarding the unsupported prerelease of IPFire 2.11-Core 60, which was made by Michael (thanks again, Michael) and can be found here --> http://people.ipfire.org/~ms/unsupported/core-upgrade-2.11-60.ipfire , I thought it might be a good idea to collect the fixes for the new version in a central section here in the bug tracker.

1)
The first patch I have made is to give the index.cgi the original colour (the same as for the roadwarrior) for OpenVPN N2N connections on IPFire. At this time the colour is set to the IPSec colour, so I made a patch to change this.
Comment 1 Michael Tremer 2012-05-24 10:45:55 UTC
(In reply to comment #0)
> The first patch I have made is to give the index.cgi the original colour (the
> same as for the roadwarrior) for OpenVPN N2N connections on IPFire. At this
> time the colour is set to the IPSec colour, so I made a patch to change this.

Very good decision.
Comment 2 Nico Prenzel 2012-05-24 15:29:33 UTC
Created attachment 31 [details]
Attached is a fix for the bug that prevents the routes from being deleted. Feel free to test and comment on this
Comment 3 Michael Tremer 2012-05-24 18:20:09 UTC
Both patches have been merged:

http://git.ipfire.org/?p=ipfire-2.x.git;a=shortlog;h=8e148dc343c0a313568cc8a8c140090f93817b23

Please test.
Comment 4 Erik Kapfer 2012-05-27 08:57:17 UTC
Created attachment 32 [details]
Patch for the language files directory
Comment 5 Erik Kapfer 2012-05-27 09:03:10 UTC
Comment on attachment 32 [details]
Patch for the language files directory

I have made a patch for the translation files in /var/ipfire/langs. The following lines were added:
'ovpn routes push options' => 'Route push options',
'ovpn routes push' => 'Routes (one per line):',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn errmsg green already pushed' => 'Route for green network is always set',

These lines were translated from German to English, to French (thanks to cloonn) and to Russian (thanks to CompWorm). Polish and Spanish haven't been translated yet, so I filled these language files with English content for now.
Comment 6 Erik Kapfer 2012-06-17 12:13:43 UTC
Created attachment 47 [details]
sort VPN list on index.cgi

Following a thread in the forum, I want to deliver two patches from the user wku. I have separated the OpenVPN changes from the IPSec CA changes, because there were some open questions.
These patches should sort the VPN connection lists by name on index.cgi and ovpnmain.cgi; there should also be a fix for the signing of the host certificate request.
Comment 7 Erik Kapfer 2012-06-17 12:14:30 UTC
Created attachment 48 [details]
patch for ovpnmain.cgi
Comment 8 Erik Kapfer 2012-06-18 10:43:50 UTC
I have added 3 patches to implement the functions of the client-config-dir for the Roadwarrior. With ccd it is possible to assign static IPs to the clients via the ifconfig-push directive. So client-specific rules and access policies in IPTables can be made via a user text file located in the ccd directory.
Also, internal OpenVPN routing via the "iroute" directive, and the "redirect-gateway" and "push route" commands, can be done for each client individually.

The ccd directive works by placing a text file in the ccd directory with a name identical to the common name of the certificate. If there is no text file for a given client (or no text files in ccd at all), OpenVPN works as usual with the server.conf file and ignores the client-config-dir entry in server.conf.

client-config-dir explanation on OpenVPN --> http://openvpn.net/index.php/open-source/documentation/howto.html#policy .
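
An added example (not part of the bug report or of IPFire's code): a small audit of a ccd directory of the kind comment 8 describes. It flags files whose name matches no certificate common name, static addresses from ifconfig-push handed to two clients, and files writable by group or others. The function names, client names and 10.8.0.x addresses are constructed for illustration.

```python
import os
import stat
import tempfile

def static_ip_of(text):
    """Return the address set by ifconfig-push in one ccd file, or None."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenise
        if len(parts) >= 2 and parts[0] == "ifconfig-push":
            return parts[1]
    return None

def audit_ccd(ccd_dir, known_cns):
    """Flag ccd files that would undermine per-client firewall rules."""
    findings, seen = [], {}
    for name in sorted(os.listdir(ccd_dir)):
        path = os.path.join(ccd_dir, name)
        # OpenVPN selects the file by certificate common name only.
        if name not in known_cns:
            findings.append((name, "no certificate has this common name"))
        # A file others can edit lets them change the address the rules trust.
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or others"))
        with open(path) as fh:
            ip = static_ip_of(fh.read())
        if ip is None:
            continue
        if ip in seen:
            findings.append(
                (name, "static IP %s already assigned to %s" % (ip, seen[ip])))
        else:
            seen[ip] = name
    return findings

def demo():
    """Audit a constructed ccd directory (sample data, not from the page)."""
    samples = {
        "alice": ('ifconfig-push 10.8.0.5 10.8.0.6\n'
                  'push "route 192.168.10.0 255.255.255.0"\n', 0o644),
        "bob": ("ifconfig-push 10.8.0.5 10.8.0.6\n", 0o644),
        "carol": ("ifconfig-push 10.8.0.9 10.8.0.10\n", 0o666),
        "typo-dave": ("ifconfig-push 10.8.0.13 10.8.0.14\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as ccd_dir:
        for name, (text, mode) in samples.items():
            path = os.path.join(ccd_dir, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)  # set explicitly so the umask does not matter
        return audit_ccd(ccd_dir, {"alice", "bob", "carol", "dave"})
```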
Comment 9 Erik Kapfer 2012-06-18 10:44:27 UTC
Created attachment 50 [details]
ovpnmain.cgi patch for ccd
Comment 10 Erik Kapfer 2012-06-18 10:44:51 UTC
Created attachment 51 [details]
rootfile patch for ccd
Comment 11 Erik Kapfer 2012-06-18 10:45:13 UTC
Created attachment 52 [details]
lfs patch for ccd
Comment 12 Michael Tremer 2012-06-20 15:39:09 UTC
Feedback on the Telnet.pm problem:

I cannot understand what the problem is, because if you write "use Net::Telnet" into your CGI scripts the module is properly found. The location of the file is the right one.

Should I merge the other patches regarding CCD or do they need some more testing?
Comment 13 Erik Kapfer 2012-06-20 17:11:56 UTC
Hi Michael,
Telnet.pm:
Thanks for figuring that out, so the error report which I got was maybe because of not resaving the connections after the update.

CCD:
For me it has worked quite smoothly for a couple of weeks now with the changes I delivered. The only thing I am not quite sure about is whether it is best to give the ccd directory root.root or rather nobody.nobody. What do you think?

3 more things:
1) The connections.cgi doesn't display the N2N colors --> https://bugzilla.ipfire.org/show_bug.cgi?id=10162 .

2) After a connection stops, the routes and IPs aren't deleted correctly by OpenVPN because of the lower privileges of the user nobody --> http://forum.ipfire.org/index.php?topic=6073.0 .

3) The connection state in index.cgi and ovpnmain.cgi stops at the red-marked "Auth", but in fact the connection is established; to see a green-marked "connected" the page needs to be refreshed.

Also, I haven't heard any other testing feedback from users for these changes (only a very short one from WhyTea), so I agree to think about whether it is a good idea to release this.
Nevertheless, for me the changes work well, except for the above-mentioned problems.

Greetings

Erik
Comment 14 Erik Kapfer 2012-12-18 21:43:05 UTC
All changes have been released with Core 61