Hello, > On 30 Jun 2025, at 10:55, Adolf Belka <adolf.be...@ipfire.org> wrote: > > Hi Michael, > > On 30/06/2025 10:46, Michael Tremer wrote: >> Hello Adolf, >> The initscript works absolutely fine for me: > > Interesting. > >> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status >> /usr/sbin/openvpn is not running. >> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw start >> Starting OpenVPN Roadwarrior Server... >> [ OK ] >> Starting OpenVPN Authenticator... >> [ OK ] >> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status >> openvpn is running with Process ID(s) 27406. >> [root@ipfire-openvpn ipfire-2.x]# ps aux | grep openvpn >> nobody 27406 0.0 0.1 12052 7624 ? Ss 10:45 0:00 >> /usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf >> root 27446 0.0 0.2 16580 10740 ? S 10:45 0:00 >> /usr/bin/python3 /usr/sbin/openvpn-authenticator --daemon >> root 27455 0.0 0.0 6660 2612 pts/1 S+ 10:45 0:00 grep openvpn >> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn* >> -rw------- 1 root root 227 Jun 30 10:45 /var/run/openvpn-rw.log >> -rw-r--r-- 1 root root 6 Jun 30 10:45 /var/run/openvpn-rw.pid >> srwxrwxrwx 1 root root 0 Jun 30 10:45 /var/run/openvpn.sock >> /var/run/openvpn: >> total 0 >> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw stop >> Stopping OpenVPN Authenticator... >> [ OK ] >> Stopping OpenVPN Roadwarrior Server... >> [ OK ] >> [root@ipfire-openvpn ipfire-2.x]# ll /var/run/openvpn* >> -rw------- 1 root root 227 Jun 30 10:45 /var/run/openvpn-rw.log >> srwxrwxrwx 1 root root 0 Jun 30 10:45 /var/run/openvpn.sock >> /var/run/openvpn: >> total 0 >> [root@ipfire-openvpn ipfire-2.x]# /etc/init.d/openvpn-rw status >> /usr/sbin/openvpn is not running. >> Can you confirm this on your system? Might the problem simply be that your >> OpenVPN RW server crashes and then the PID file does not get cleaned up >> properly? > > I already confirmed that because when it wouldn't start in the WUI again, I > used the manual commands. The only difference I see in the commands is that I > used /etc/rc.d/init.d/openvpn-rw > > My testing was also done on an install from the iso that you provided the > link to.
Yes, I am also on the same image. There is now one initscript for the road warrior service and one for the n2n services. > One thing I noticed is that your /var/run/openvpn/ directory is empty, so > presumably no net 2 net config. I do have that, so I just disabled the n2n > connection (not deleted) and now my stop command is working correctly. I don’t have any N2N connections on this test system. It should not make a difference at all, but I cannot say that I tested this all a lot. > I then enabled the n2n connection again and the RW server can still be > successfully enabled/started and disabled/stopped and enabled/started again. > > So whatever the problem is it was only present after I had restored IPFire so > that I got the rw and n2n connections. Hmm, this is why we are testing his. A lot of code has changed. I just don’t know what do to with this issue now. > However now, the n2n connection no longer shows DISCONNECTED in a red > background but an empty space and now the n2n connection is no longer showing > up in my ps aux | grep openvpn listing, whereas before it did. > > I will try doing a fresh install again and test out with a fresh config of > the rw alone and then after that do a restore of my rw/n2n connections and > see what happens then. Yes, this sounds sensible. I have only ever tested a fresh installation and never restored any existing configuration. There might be bugs here. -Michael > > Regards, > > Adolf. > > >> -Michael >>> On 30 Jun 2025, at 09:40, Michael Tremer <michael.tre...@ipfire.org> wrote: >>> >>> Hello Adolf, >>> >>> Thank you very much for looking into this for me. >>> >>>> On 29 Jun 2025, at 11:51, Adolf Belka <adolf.be...@ipfire.org> wrote: >>>> >>>> Hi All, >>>> >>>> Tested out the latest openvpn-rebase branch from @ms using the link to the >>>> iso that he provided from the latest fixes. >>>> >>>> The disable and enable checkbox now works. If you enable the checkbox and >>>> save then the box is enabled and if you then disable and save it the >>>> checkbox now is disabled so that previous issue is fixed. >>> >>> That is a good start. >>> >>>> Unfortunately the start and stop issue is still present. >>> >>> This is less good. I am sure that I tested that the sever gets properly >>> started, restarted and stopped. I can look into this again. Hopefully this >>> should not stop us from conducting any further testing. >>> >>>> When I start the system running with the openvpn server running and then I >>>> disable the server then it shows the server as stopped. >>>> >>>> If I then enable the server and save then the checkbox is enabled but the >>>> server stays stopped. >>>> >>>> On the command line the status shows >>>> >>>> /usr/sbin/openvpn is not running but /var/run/openvpn-rw.pid exists. >>>> >>>> So the server stopped but the pid was not removed. >>>> >>>> If I boot the system and the server was checked as enabled then everything >>>> starts properly. >>>> >>>> The boot screen shows >>>> >>>> Starting OpenVPN Roadwarrior Server... OK >>>> Starting OpenVPN Authenticator... OK >>>> Starting OpenVPN N2N connection 'ipfirenet2net'... OK >>>> >>>> then if I straight away reboot the shutdown screen shows >>>> >>>> >>>> Stopping OpenVPN Authenticator... Not running WARN >>>> Stopping OpenVPN Roadwarrior Server... FAIL >>>> Stopping OpenVPN N2N connection 'ipfirenet2net'... OK >>> >>> Okay, this is interesting. The authenticator cannot run without the RW >>> service being active. So this does not concern me at this point. >>> >>> The RW server should however be running if it is enabled. Is there anything >>> in the logs that explains why it crashed? >>> >>>> The N2N connection starts and stops correctly and the pid is removed. >>>> >>>> I believe that this might be due to the variable PIDFILE being used for >>>> both the authenticator and the rw daemons and when the openvpn-rw daemon >>>> is being shutdown it has the authenticator pid in the PIDFILE variable and >>>> not the openvpn-rw.pid file name. >>> >>> Yes, I had to play around a lot with this. The initscripts are designed to >>> deal with only one service and I hacked my way around it. >>> >>>> I have tried various ways to change this in the openvpn-rw initscript but >>>> I ended up fixing it for one thing but then creating a problem for another >>>> one. Basically I think because I don't understand how the whole initscript >>>> and pid process is running in IPFire. >>> >>> Neither do I :) It is all very broken there and so there won't be a very >>> clean and obvious way ahead. >>> >>> I will look into it. >>> >>> Any other findings so far? >>> >>> -Michael >>> >>>> >>>> Regards, >>>> Adolf.
