A poster on the forum reported that some of his OpenVPN clients always showed DISCONNECTED even after several hours of actual connection of the client. Forum thread https://community.ipfire.org/t/wrong-openvpn-status/9651
After some investigation in the forum thread iy was identified that the problem occurs when the certificate Common Name that has been used has underscores. The certificate with underscores is accepted (and this is in line with RFC5280) so the connection is able to be made. The code that checks for the status extracts the common name for the connection and then there is regex code that replaces all underscores in the common name by spaces. This means that the status for the certificate common name is never found as the status common name has been changed. Reproduced the problem on my vm testbed system. Will create a patch that corrects this.
Patch tested out on vm test bed. Patch submitted to dev mailing list and patchwork. https://lists.ipfire.org/pipermail/development/2023-July/016192.html https://patchwork.ipfire.org/project/ipfire/patch/20230727135725.7053-1-adolf.belka@ipfire.org/
Patch has been merged into next (CU178)
https://blog.ipfire.org/post/ipfire-2-27-core-update-179-is-available-for-testing
Bug verified to be fixed.
https://blog.ipfire.org/post/ipfire-2-27-core-update-179-released