https://community.ipfire.org/t/possible-bug-ipsec-certificate-export-problem-since-core-update-158/5867 This my first ever bug report so please beare with me. When trying to set up an IPSEC roadwarrior VPN the downloaded certificates (.p12 files ) by IPfireGUI the files are corrupt When i copy the .p12 files via CP from /var/ipfire/certs to an usb stick and import them to windows10 they work fine. when you download the .p12 trough the gui on chrome by IPfire->Services->IPSEC-> Connection Status and -Control and click on the download ICON they wil not import in WIN10 the error is can not recognise filteype or This file can not be used for personal information exchange when I look at the corrupt files: for each line but the first there is an extra space, but correcting that manualy wont help. Problems come when updating to core 158 confirmed by reinstalling the firewall 4 times regards Cok1 I am new here don’t know how to file a bug report or what.
@Stefan, would you have a look at this? @Arne, if a patch is available soon, could we get this as a hot fix in c159?
Michael has provided a fix for this issue, which can be found here: https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commit;h=19f5da7f43630734d1b2998204648385cc34b728 Currently we are working on some more fixes for the vpnmain.cgi file which will be submitted as a whole patcheset to the mailing list.
I have the same Problem since core 158 up to core 160 Manual copy the .p12 certificates out of /var/ip/certs works fine under Windows 7 and 10 Using the Windows Download Icon in the Web-GUI under IPFire->Service->IPSEC to Download the Client-Certificate.p12 and try to install it, results in the Error "can not recognise filetype". so i have changed the download routine in /srv/web/ipfire/cgi-bin/vpnmain.cgi line 1243 from: ... my @p12 = <FILE>; close(FILE); print "@p12"; ... to: ... while(<FILE>) print $_; # my @p12 = <FILE>; close(FILE); # print "@p12"; ... and it works i am not a perl crack and it looks like the same result but this one works and i dont know why ;) BOM ?
(In reply to Stefan Schantl from comment #2) > Michael has provided a fix for this issue, which can be found here: > > https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commit; > h=19f5da7f43630734d1b2998204648385cc34b728 > > Currently we are working on some more fixes for the vpnmain.cgi file which > will be submitted as a whole patcheset to the mailing list. I have tried this hotfix but it won't help. I used to have 159 and migrate to 161 version and there is still a problem with the certificate. I cannot import it in Mikrotik client as I was able in previous versions.
Resetting back to ASSIGNED, since nothing was ON_QA here...
I just ran into this when trying to export from a Core 159 machine. I applied the fix from Michael to that machine and it seemed to resolve the issue, but I then went to do the same for the Core 162 machine, and it was already applied? I'm not certain if this bug has already been fixed?
Hello @all, I've sent a patch to the mailing list to address and hopefully fix the pk12 export issue. https://patchwork.ipfire.org/project/ipfire/patch/20211230191536.2937-1-stefan.schantl@ipfire.org/ Please could anybody test and provide some feedback? Thanks in advance, -Stefan
https://git.ipfire.org/?p=people/pmueller/ipfire-2.x.git;a=commit;h=f8384fbf8de3406174dd54a4f22d0900b7fbe6dd Not bumping to MODIFIED since this is my temporary development branch, but I'd expect Arne to pick it up from there soon.
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=f8384fbf8de3406174dd54a4f22d0900b7fbe6dd
https://blog.ipfire.org/post/ipfire-2-27-core-update-163-released