foris-controller-openvpn-module issueshttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues2019-02-11T14:02:02+01:00https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/4comp-lzo option is deprecated2019-02-11T14:02:02+01:00Vojtech Mysliveccomp-lzo option is deprecatedAn option `comp-lzo` is deprecated in OpenVPN 2.4 (we use 2.4.4 on the routers) and will be removed in version 2.5.
We should switch to modern `compress` option (if not remove compression at all).
From [OpenVPN man page](https://commun...An option `comp-lzo` is deprecated in OpenVPN 2.4 (we use 2.4.4 on the routers) and will be removed in version 2.5.
We should switch to modern `compress` option (if not remove compression at all).
From [OpenVPN man page](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage):
```
--comp-lzo [mode]
DEPRECATED This option will be removed in a future OpenVPN release. Use the newer --compress instead.
...
```Turris OS 3.11https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/7comp-lzo is missing in generated client config2019-02-11T14:23:19+01:00Vojtech Mysliveccomp-lzo is missing in generated client config`comp-lzo` option was present in the generated configuration file in the past. From some 3.11.x on this option is no longer present in generated config (I can see this diff when I compare new config with old one).
However, openvpn serve...`comp-lzo` option was present in the generated configuration file in the past. From some 3.11.x on this option is no longer present in generated config (I can see this diff when I compare new config with old one).
However, openvpn server is still configured to use `comp-lzo` option. This leads to broken openvpn connection: client successfully connects to server but no data can pass through the tunnel. If I add `comp-lzo` to the client config, everything starts to work well.
Part of the openvpn UCI config file (`/etc/config/openvpn`):
```
config openvpn 'server_turris'
...
option comp_lzo 'yes'
```
Probably related to #4 #5Turris OS 3.11.3https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/6can't connect to openvpn using client configuration files from Foris2019-03-01T00:14:01+01:00Tony Quancan't connect to openvpn using client configuration files from ForisI'm using the Foris OpenVPN module in TurrisOS 3.11.1. When I generate a new client configuration and try to use that with an OpenVPN client, OpenVPN connects successfully but the client can't reach anything on the internet (even by pin...I'm using the Foris OpenVPN module in TurrisOS 3.11.1. When I generate a new client configuration and try to use that with an OpenVPN client, OpenVPN connects successfully but the client can't reach anything on the internet (even by pinging IP address) However, if I use the same/identically configured OpenVPN client with one of my OpenVPN client configurations that Foris generated before 3.11.1, it works properly. I'm not sure when this problem got introduced as it has been a while since I added any new client configurations.Turris OS 3.11.3Štěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/5Disable compress option by default2019-03-01T00:14:00+01:00Josef SchlehoferDisable compress option by defaultCan we disable compress option at all in our plugin?
It seems that we use compress lzo from here:
https://gitlab.labs.nic.cz/turris/foris-controller-openvpn-module/blob/master/foris_controller_backends/openvpn/__init__.py#L265
On supp...Can we disable compress option at all in our plugin?
It seems that we use compress lzo from here:
https://gitlab.labs.nic.cz/turris/foris-controller-openvpn-module/blob/master/foris_controller_backends/openvpn/__init__.py#L265
On support, we received ticket #2861, which says:
> there is a vulnerability with OpenVPN with 'compress lzo' enable and with this vulnerability, it's possible to decrypt parts of HTTP traffic. HTTPS is not affected.
>
> More details can be found here:
> https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/
>
> The only downside of disabling that option is that it can reduce the speed of OpenVPN.
>
> The OpenVPN doc was also updated. See more details from their mail list:
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16919.htmlTurris OS 3.11.3Štěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/10Autodetection of router address for openvpn client config is not working2019-12-17T16:04:37+01:00Martin MatějekAutodetection of router address for openvpn client config is not workingAutodetection is having trouble to detect IP address of router and instead set default placeholder
`remote <server_adddress> 1194`
It affects both TOS 3.x and 4.xAutodetection is having trouble to detect IP address of router and instead set default placeholder
`remote <server_adddress> 1194`
It affects both TOS 3.x and 4.xTurris OS 4.0.2https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/9OpenVPN client in Foris2019-12-17T16:04:38+01:00Karel KociOpenVPN client in ForisForis OpenVPN client would be a nice feature to have for users.Foris OpenVPN client would be a nice feature to have for users.Turris OS 5.1Štěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/25Cannot open /etc/dhparam/dh-default.pem for DH parameters2022-01-27T17:34:15+01:00Lukas JelinekCannot open /etc/dhparam/dh-default.pem for DH parametersAfter automatic upgrade to TOS 5.2 (and manual reboot), the OpenVPN server could no longer start and issued these messages:
```
OpenSSL: error:02001002:system library:fopen:No such file or directory
OpenSSL: error:2006D080:BIO routines:...After automatic upgrade to TOS 5.2 (and manual reboot), the OpenVPN server could no longer start and issued these messages:
```
OpenSSL: error:02001002:system library:fopen:No such file or directory
OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Cannot open /etc/dhparam/dh-default.pem for DH parameters
```
As I could see, the `/etc/dhparam/dh-default.pem` file was not present although the configuration file ([openvpn-server_turris.conf](/uploads/c8ebfdbcff6f234ff85ef4887931ebb0/openvpn-server_turris.conf)) refered to it. There was only `/etc/dhparam/dh2048.pem` and `/usr/share/turris-cagen/dhparam.pem`. Copying the latter one to `/etc/dhparam/dh-default.pem` helped to start the server.Turris OS 5.2.1https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/30Timeout on saving settings2023-01-10T15:00:09+01:00Denis ShulyakaTimeout on saving settingsHi! After upgrading to TOS6 [HBT] I am unable to save OpenVPN server settings. The HTTP PUT request to /reforis/openvpn/api/server-settings times out.
lighttpd error log with enabled fastcgi.debug in /usr/libexec/reforis/lighttpd-dynami...Hi! After upgrading to TOS6 [HBT] I am unable to save OpenVPN server settings. The HTTP PUT request to /reforis/openvpn/api/server-settings times out.
lighttpd error log with enabled fastcgi.debug in /usr/libexec/reforis/lighttpd-dynamic:
```
2022-10-22 01:33:04: (../src/gw_backend.c.967) gw - found a host 0
2022-10-22 01:33:04: (../src/gw_backend.c.272) got proc: pid: 10182 socket: unix:/tmp/fastcgi.turris_auth.socket-0 load: 1
2022-10-22 01:33:04: (../src/gw_backend.c.347) released proc: pid: 10182 socket: unix:/tmp/fastcgi.turris_auth.socket-0 load: 0
2022-10-22 01:33:04: (../src/gw_backend.c.967) gw - found a host 0
2022-10-22 01:33:04: (../src/gw_backend.c.272) got proc: pid: 11113 socket: unix:/tmp/fastcgi.reforis.socket-0 load: 1
2022-10-22 01:33:35: (../src/gw_backend.c.347) released proc: pid: 11113 socket: unix:/tmp/fastcgi.reforis.socket-0 load: 0
2022-10-22 01:36:05: (../src/gw_backend.c.2845) idle-timeout reached, terminating child: socket: /tmp/fastcgi.reforis.socket-0 pid 11113
```
Debug log from syslog:
```
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
```
Is there any other logs I could get? These are probably not so informative.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/27Migrate network configuration to the new OpenWrt 21.02 configuration2022-02-12T19:49:29+01:00Martin MatějekMigrate network configuration to the new OpenWrt 21.02 configurationComplementary issue to turris/foris-controller/foris-controller#204
Adjust it to be able to read both old and new config, but allow storing only new config syntax.
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-...Complementary issue to turris/foris-controller/foris-controller#204
Adjust it to be able to read both old and new config, but allow storing only new config syntax.
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/master/foris_controller_backends/openvpn/__init__.py#L217-221Foris-controller 4.1.0https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/24When interupted, CA generation can't continue2023-05-11T14:41:08+02:00Michal HruseckyWhen interupted, CA generation can't continueI was trying to generate a new CA in 5.2 and because of #23 I lost patience and rebooted the router. Now I have no openssl process running, but the web page still claims that it is generating a CA. Not sure whether foris-controller issue...I was trying to generate a new CA in 5.2 and because of #23 I lost patience and rebooted the router. Now I have no openssl process running, but the web page still claims that it is generating a CA. Not sure whether foris-controller issue or cagen issue, feel fre to move/reassign.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/23dh params generation takes awfully long2021-05-26T22:24:34+02:00Michal Hruseckydh params generation takes awfully longdh params should not be generated when user is creating a ca. It takes awfully long. Those are needed on server only and there is AFAIK no security issue if they are large enough (2048 and more) and well known. This issue was solved a lo...dh params should not be generated when user is creating a ca. It takes awfully long. Those are needed on server only and there is AFAIK no security issue if they are large enough (2048 and more) and well known. This issue was solved a long time ago by dhparam package that used shared big dhparams and started generating its own in the background which then replaced the shared one. To avoid blocking openvpn server setup, so people can start using it in few minutes not in half an hour. In foris controller, it should be quite easy to fix, but needs to resurrect dhparams package.
Caused by turris/foris-controller/foris-controller-openvpn-module!4 and turris/os/packages!606, so assigning @kkocihttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/20Server configuration broken after adding client2022-01-18T14:55:09+01:00Lukas JelinekServer configuration broken after adding clientI've create a new client configuration (several older configurations were already there). Then reForis has started to display (on **Server Setting**): _An error occurred while fetching data._
It looks that the configuration contains som...I've create a new client configuration (several older configurations were already there). Then reForis has started to display (on **Server Setting**): _An error occurred while fetching data._
It looks that the configuration contains some unparseable data.
`/var/log/messages` contains lines like these ones:
```log
Dec 6 19:54:20 turris foris-controller[5204]: ERROR:foris_controller_backends.uci:Uci transaction terminated.
Dec 6 19:54:20 turris foris-controller[5204]: ERROR:foris_controller.message_router:Internal error occured <class 'foris_controller.exceptions.UciException'>('['uci', '-n', '-c', '/etc/config/', '-P', '/tmp/.uci-foris-controller', 'export', 'openvpn']: command failed (b'uci: Parse error (invalid character in name field) at line 61, byte 25\n')'):
```
And `/var/log/lighttpd/error.log` contains:
```log
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: [2020-12-06 20:54:20,811] ERROR in backend: Exception in backend occurred. (Controller error(s) has occured:
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: Traceback (most recent call last):
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller/message_router.py", line 117, in process_message
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller/module_base.py", line 61, in perform_action
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_modules/openvpn/__init__.py", line 63, in action_get_settings
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller/utils.py", line 111, in inner
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_modules/openvpn/handlers/openwrt.py", line 61, in get_settings
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/openvpn/__init__.py", line 154, in get_settings
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/uci/__init__.py", line 341, in read
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/uci/__init__.py", line 347, in export_data
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/uci/__init__.py", line 182, in _run_uci_command
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: foris_controller.exceptions.UciException: ['uci', '-n', '-c', '/etc/config/', '-P', '/tmp/.uci-foris-controller', 'export', 'openvpn']: command failed (b'uci: Parse error (invalid character in name field) at line 61, byte 25\n')
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: Internal error ['uci', '-n', '-c', '/etc/config/', '-P', '/tmp/.uci-foris-controller', 'export', 'openvpn']: command failed (b'uci: Parse error (invalid character in name field) at line 61, byte 25\n')('<class 'foris_controller.exceptions.UciException'>')
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: )
```
Device: Turris Omnia
TOS version: 5.1.4 (HBS)https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/17Change topology net30 to topology subnet2021-05-03T13:17:11+02:00Jan BetikChange topology net30 to topology subnetBy default, the OpenVPN server sends to the client the option **topology net30**
```
Nov 6 15:58:45 omnia1 openvpn(turris)[8508]: PUSH: Received control message: 'PUSH_REPLY,route 198.18.2.0 255.255.255.0,route 48.0.0.0 255.255.0.0,route...By default, the OpenVPN server sends to the client the option **topology net30**
```
Nov 6 15:58:45 omnia1 openvpn(turris)[8508]: PUSH: Received control message: 'PUSH_REPLY,route 198.18.2.0 255.255.255.0,route 48.0.0.0 255.255.0.0,route 10.111.111.1,topology net30,ping 10,ping-restart 120,ifconfig 10.111.111.6 10.111.111.5,peer-id 0,cipher AES-256-GCM'
```
This option is deprecated and for legacy clients only (year 2014). By configuring the **topology subnet** directive, it makes the routing table easier to read and simplifies the routing.
```
uci set openvpn.server_turris.topology='subnet'
```
```
Nov 6 16:10:42 omnia1 openvpn(turris)[11847]: PUSH: Received control message: 'PUSH_REPLY,route 198.18.2.0 255.255.255.0,route 48.0.0.0 255.255.0.0,route-gateway 10.111.111.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.111.111.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
```
[OpenVPN Topology](https://community.openvpn.net/openvpn/wiki/Topology)Filip HronFilip Hronhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/16remove unicode strings as depraceted by utilizing python32020-11-11T12:13:03+01:00Filip Hronremove unicode strings as depraceted by utilizing python3unicode strings are no longer required in pythonunicode strings are no longer required in pythonFilip HronFilip Hronhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/15Return certificate name within get_client_config api call2020-11-11T12:13:03+01:00Martin MatějekReturn certificate name within get_client_config api callWe should also return certificate name so we could use it on frontend when offering download of such file.
Just add `name` to json schema reply:
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/maste...We should also return certificate name so we could use it on frontend when offering download of such file.
Just add `name` to json schema reply:
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/master/foris_controller_modules/openvpn/schema/openvpn.json#L426
We could reuse or get inspiration by this object:
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/master/foris_controller_modules/openvpn/schema/openvpn.json#L84
Dependency for: turris/reforis/reforis-openvpn#17Filip HronFilip Hronhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/14set cipher in config2020-12-10T23:33:44+01:00Martin Matějekset cipher in configClient configuration generated in (re)Foris doesn't have `cipher` set.
Some OpenVPN clients (such as Passepartout) refuse to import and use that config.
Simply setting `cipher` in openvpn config will fix this issue.
Support ticket: #1...Client configuration generated in (re)Foris doesn't have `cipher` set.
Some OpenVPN clients (such as Passepartout) refuse to import and use that config.
Simply setting `cipher` in openvpn config will fix this issue.
Support ticket: #1107487https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/13Update push route when LAN subnet changes2021-08-05T22:54:03+02:00Vojtech MyslivecUpdate push route when LAN subnet changesWhen you have OpenVPN server configured and then changed LAN subnet, push route to the LAN segment in the `/etc/config/openvpn` stays with the original LAN subnet.
Changing LAN subnet in the *Foris interface should update OpenVPN push r...When you have OpenVPN server configured and then changed LAN subnet, push route to the LAN segment in the `/etc/config/openvpn` stays with the original LAN subnet.
Changing LAN subnet in the *Foris interface should update OpenVPN push route configuration as well.Foris Controller 2.1.0https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/3OpenVPN plugin does not restart services2018-07-30T16:07:01+02:00Vojtech MyslivecOpenVPN plugin does not restart servicesIt seems OpenVPN plugin does not restart services after enabling the plugin.
VPN is handling with firewall zones, rules and VPN configuration (i.e. IP address of `tun_turris` interface).
The plugin should restart `firewall` and `openvp...It seems OpenVPN plugin does not restart services after enabling the plugin.
VPN is handling with firewall zones, rules and VPN configuration (i.e. IP address of `tun_turris` interface).
The plugin should restart `firewall` and `openvpn` services after config change.Štěpán HenekŠtěpán Henek