Erstellt vor 16 Monaten

Geschlossen vor 16 Monaten

#2850 closed defect (fixed)

OpenVPN - multiple configs - wrong runstate shown in Webinterface

Erstellt von: no.herbert Verantwortlicher: MaxMuster
Priorität: normal Meilenstein: freetz-next
Komponente: packages Version: devel
Stichworte: openvpn Beobachter:
Product Id: Firmware Version:

Beschreibung (zuletzt geändert von er13)

If there are multiple openvpn-configs, the running-state of the additional configs is shown wrong in the freetz-webinterface.

For example in my config (3 profiles: default, client1, client2) all three are configured to autostart and they all start correctly, but the webinterface indicates that only the default one is running and the other two are stopped.
It's especially bad cause i can't stop the service from webinterface because it says it isn't running and if i click start, the start-process fails (because it's already running)

I found the source of the problem when i looked at the output of "ps|grep openvpn". When the 3 instances are spawned by autostart, then it looks like this:

10329 openvpn   3264 S    /usr/sbin/openvpn --config /mod/etc/openvpn.conf --writepid /var/run/openvpn.pid --daemon
10361 root      3548 S    /usr/sbin/openvpn_client1 --config /mod/etc/openvpn.conf --writepid /var/run/openvpn_client1.pid --daemon
10388 root      3548 S    /usr/sbin/openvpn_client2 --config /mod/etc/openvpn.conf --writepid /var/run/openvpn_client2.pid --daemon

So obviously every instance overwrites the same "openvpn.conf" file and starts with it as their own config. The connection works out but it seems like this is a problem for the webinterface finding the correct process of each connection (and makes it think the process isn't even running)

if i stop the processes and start /etc/init.d/rc.openvpn manually, they are started like this:

10329 openvpn   3264 S    /usr/sbin/openvpn --config /mod/etc/openvpn.conf --writepid /var/run/openvpn.pid --daemon
10361 openvpn   3548 S    /usr/sbin/openvpn --config /mod/etc/openvpn.conf --writepid /var/run/openvpn_client1.pid --daemon
10388 openvpn   3548 S    /usr/sbin/openvpn --config /mod/etc/openvpn.conf --writepid /var/run/openvpn_client2.pid --daemon

CAUTION: these logs are altered(anonymised + i didn't have an actual log of the processes after boot at the moment of writing this), they are just to show you what happened, don't worry about the process-numbers shown here.

it's also interresting that, depending on how it's started, the two additional clients are started as root-processes instead of openvpn-user's.

if the three processes are manually started on console per "/var/mod/etc/init.d/rc.openvpn start", "/var/mod/etc/init.d/rc.openvpn_client1 start" and "/var/mod/etc/init.d/rc.openvpn_client2 start" the configuration files are named correctly and everything works as expected. then also the webinterface shows them correctly.

POSSIBLE FIX:
for me the problem is solved after adding the line

"DAEMON_CONFIG=/mod/etc/${DAEMON}.conf"

at line 108 in the file /etc/init.d/rc.openvpn

so for me it's now:

106                        DAEMON_LONG_NAME=$DAEMON
107                        DAEMON_BIN=$DAEMON                   
108                        DAEMON_CONFIG=/mod/etc/${DAEMON}.conf
109                        PID_FILE=/var/run/${DAEMON_BIN}.pid    
110                        modlib_start $TMP_ENABLE                  

Anhänge (1)

.config (74.1 KB) - hinzugefügt von no.herbert vor 16 Monaten.
(probably) the current .config at the point of failure

Alle Anhänge herunterladen als: .zip

Änderungshistorie (9)

comment:1 Geändert vor 16 Monaten durch er13

  • Beschreibung geändert (Diff)

comment:2 Geändert vor 16 Monaten durch er13

What version of openvpn*-cgi do you use? openvpn-cgi or openvpn-v2-cgi (the mandatory .config would answer this question)?

Geändert vor 16 Monaten durch no.herbert

(probably) the current .config at the point of failure

comment:3 Geändert vor 16 Monaten durch no.herbert

I'm sorry, i completely forgot about the .config

Not 100% sure but i attached the .config which i think was used for the firmware i reported the problems from.
Anyways i tried many different configurations in the last 2 weeks and i had the problem with all of them.
I think i even noticed that problem on my freetz-builds for my old 7050 some time ago.

I only tried the openvpn-v2-cgi once, cause is wanted to see the current state of development - but i didn't use it to connect, so the problem i am reporting is related only to the old version.

The problem itself should be pretty easy to reproduce:
1) Add multiple configurations to OpenVPN
2) Set all (or parts of them) on automatic start on startup
3) Reboot the box and look at the Services-page: default openvpn is displayed correctly, the other ones are shown as stopped but you can check by console that they are running

I'm using latest freetz-Revisions for my builds. So at the moment i am on Revision 13839.

comment:4 Antwort: Geändert vor 16 Monaten durch MaxMuster

I see your problem, obviously a result of a missing special case for openvpn in 12296 (which introduced "DAEMON_CONFIG" but not taking into account the multiple OpenVPN settings).
Just from reading (not yet tested), you also provided the propper solution, by setting "DAEMON_CONFIG".
I will try to do some more tests and then commit the fix.
Thanks!

comment:5 Geändert vor 16 Monaten durch MaxMuster

  • Status von new nach accepted geändert
  • Verantwortlicher auf MaxMuster gesetzt

comment:6 als Antwort auf: ↑ 4 Geändert vor 16 Monaten durch er13

Replying to MaxMuster:

Just from reading (not yet tested), you also provided the propper solution, by setting "DAEMON_CONFIG".

ACK.

Jörg, could you please check if the same error also exists in openvpn-v2-cgi? Not sure if it supports multiple configurations at all…

comment:7 Geändert vor 16 Monaten durch MaxMuster

In 13840:

openvpn-cgi:

  • fix for overwritten config files after itroduction of DAEMON_CONFIG in changeset:12296
  • using fix proposed by user no.herbert
  • refs #2850

comment:8 Geändert vor 16 Monaten durch MaxMuster

  • Lösung auf fixed gesetzt
  • Status von accepted nach closed geändert

Fixed in r13840.

Remark: Handling of configurations in "openvpn-v2-cgi" is different and not affected.

Hinweis: Hilfe zur Verwendung von Tickets finden Sie in TracTickets.