foris-controller-openvpn-module issueshttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues2024-03-07T16:44:16+01:00https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/32tls_auth2024-03-07T16:44:16+01:00Štěpán Henektls_authit might be nice to generate tls_auth somehowit might be nice to generate tls_auth somehowŠtěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/31Display list of activelly connected clients2022-12-16T10:31:31+01:00Michal HruseckyDisplay list of activelly connected clientsWould be nice to see whether somebody is currently connected and who it is.Would be nice to see whether somebody is currently connected and who it is.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/30Timeout on saving settings2023-01-10T15:00:09+01:00Denis ShulyakaTimeout on saving settingsHi! After upgrading to TOS6 [HBT] I am unable to save OpenVPN server settings. The HTTP PUT request to /reforis/openvpn/api/server-settings times out.
lighttpd error log with enabled fastcgi.debug in /usr/libexec/reforis/lighttpd-dynami...Hi! After upgrading to TOS6 [HBT] I am unable to save OpenVPN server settings. The HTTP PUT request to /reforis/openvpn/api/server-settings times out.
lighttpd error log with enabled fastcgi.debug in /usr/libexec/reforis/lighttpd-dynamic:
```
2022-10-22 01:33:04: (../src/gw_backend.c.967) gw - found a host 0
2022-10-22 01:33:04: (../src/gw_backend.c.272) got proc: pid: 10182 socket: unix:/tmp/fastcgi.turris_auth.socket-0 load: 1
2022-10-22 01:33:04: (../src/gw_backend.c.347) released proc: pid: 10182 socket: unix:/tmp/fastcgi.turris_auth.socket-0 load: 0
2022-10-22 01:33:04: (../src/gw_backend.c.967) gw - found a host 0
2022-10-22 01:33:04: (../src/gw_backend.c.272) got proc: pid: 11113 socket: unix:/tmp/fastcgi.reforis.socket-0 load: 1
2022-10-22 01:33:35: (../src/gw_backend.c.347) released proc: pid: 11113 socket: unix:/tmp/fastcgi.reforis.socket-0 load: 0
2022-10-22 01:36:05: (../src/gw_backend.c.2845) idle-timeout reached, terminating child: socket: /tmp/fastcgi.reforis.socket-0 pid 11113
```
Debug log from syslog:
```
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:00 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:01 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:02 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:03 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:04 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:05 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:06 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:07 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:08 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:09 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Starting to validate announcement notification.
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Publishing announcement notification. ({'module': 'remote', 'action': 'advertize', 'kind': 'notification', 'data': {'state': 'running', 'id': '0000000B000128C9', 'hostname': 'shulyaka.org.ru', 'netboot': 'no', 'modules': [{'name': 'about', 'version': '5.2.0'}, {'name': 'diagnostics', 'version': '1.0.5'}, {'name': 'dns', 'version': '5.2.0'}, {'name': 'guest', 'version': '5.2.0'}, {'name': 'haas', 'version': '0.1.1'}, {'name': 'introspect', 'version': '5.2.0'}, {'name': 'lan', 'version': '5.2.0'}, {'name': 'maintain', 'version': '5.2.0'}, {'name': 'netmetr', 'version': '0.4.2'}, {'name': 'networks', 'version': '5.2.0'}, {'name': 'nextcloud', 'version': '0.2.0'}, {'name': 'openvpn', 'version': '0.8.0'}, {'name': 'openvpn_client', 'version': '0.6.0'}, {'name': 'password', 'version': '5.2.0'}, {'name': 'remote', 'version': '5.2.0'}, {'name': 'router_notifications', 'version': '5.2.0'}, {'name': 'schnapps', 'version': '0.5'}, {'name': '
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_controller.buses.mqtt:Announcer thread published.
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg recieved for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' (msg=b'{"module": "remote", "action": "advertize", "kind": "notification", "data": {"state": "running", "id": "0000000B000128C9", "hostname": "shulyaka.org.ru", "netboot": "no", "modules": [{"name": "about", "version": "5.2.0"}, {"name": "diagnostics", "version": "1.0.5"}, {"name": "dns", "version": "5.2.0"}, {"name": "guest", "version": "5.2.0"}, {"name": "haas", "version": "0.1.1"}, {"name": "introspect", "version": "5.2.0"}, {"name": "lan", "version": "5.2.0"}, {"name": "maintain", "version": "5.2.0"}, {"name": "netmetr", "version": "0.4.2"}, {"name": "networks", "version": "5.2.0"}, {"name": "nextcloud", "version": "0.2.0"}, {"name": "openvpn", "version": "0.8.0"}, {"name": "openvpn_client", "version": "0.6.0"}, {"name": "password", "version": "5.2.0"}, {"name": "remote", "version": "5.2.0"}, {"name": "router_notifications", "version": "5.2.0
Oct 21 22:33:10 shulyaka foris-controller[27440]: DEBUG:foris_client.buses.mqtt:Msg for 'foris-controller/0000000B000128C9/notification/remote/action/advertize' was processed
```
Is there any other logs I could get? These are probably not so informative.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/29Hosts on LAN seems not to be accessible from VPN clients2022-09-26T17:31:31+02:00Martin MatějekHosts on LAN seems not to be accessible from VPN clientsWe currently use routed VPN (tun) and VPN clients have IP address from different subnet.
For example:
```
LAN: 192.168.1.0/24
VPN: 10.111.111.0/24
```
Actually, hosts on LAN are reachable as packets are routed to the LAN subnet, but fr...We currently use routed VPN (tun) and VPN clients have IP address from different subnet.
For example:
```
LAN: 192.168.1.0/24
VPN: 10.111.111.0/24
```
Actually, hosts on LAN are reachable as packets are routed to the LAN subnet, but from the VPN client's point of view, the host in LAN looks unreachable.
For example: web server on 192.168.1.25 with at least basic firewall, will reject the packets, because of unexpected source IP.
```
10.111.111.2 (client) -> 192.168.1.25:80 (target host)
```
Perhaps 1:1 NAT would help here?https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/28Add option to export/import the OpenVPN server CA and config2022-01-04T17:31:01+01:00Martin MatějekAdd option to export/import the OpenVPN server CA and configrelated to: turris/reforis/reforis-openvpn#30
Add functionality to be able to import or export OpenVPN server config across Turris devices.related to: turris/reforis/reforis-openvpn#30
Add functionality to be able to import or export OpenVPN server config across Turris devices.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/27Migrate network configuration to the new OpenWrt 21.02 configuration2022-02-12T19:49:29+01:00Martin MatějekMigrate network configuration to the new OpenWrt 21.02 configurationComplementary issue to turris/foris-controller/foris-controller#204
Adjust it to be able to read both old and new config, but allow storing only new config syntax.
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-...Complementary issue to turris/foris-controller/foris-controller#204
Adjust it to be able to read both old and new config, but allow storing only new config syntax.
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/master/foris_controller_backends/openvpn/__init__.py#L217-221Foris-controller 4.1.0https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/26Server configuration is broken when wrong VPN network address specified2021-05-31T09:06:49+02:00Jan BetikServer configuration is broken when wrong VPN network address specifiedI made a mistake in reForis OpenVPN Server settings, filling the 10.98.1.1 value in the VPN network address field while keeping the VPN network mask field intact. The settings were accepted but the server did not start and the log was fl...I made a mistake in reForis OpenVPN Server settings, filling the 10.98.1.1 value in the VPN network address field while keeping the VPN network mask field intact. The settings were accepted but the server did not start and the log was flooded with
```
May 26 21:18:59 turris openvpn(server_turris)[6363]: Options error: --server directive network/netmask combination is invalid
May 26 21:18:59 turris openvpn(server_turris)[6363]: Use --help for more information.
May 26 21:19:04 turris openvpn(server_turris)[6369]: Options error: --server directive network/netmask combination is invalid
May 26 21:19:04 turris openvpn(server_turris)[6369]: Use --help for more information.
```
messages.
It would be nice to have the IP range check implemented.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/25Cannot open /etc/dhparam/dh-default.pem for DH parameters2022-01-27T17:34:15+01:00Lukas JelinekCannot open /etc/dhparam/dh-default.pem for DH parametersAfter automatic upgrade to TOS 5.2 (and manual reboot), the OpenVPN server could no longer start and issued these messages:
```
OpenSSL: error:02001002:system library:fopen:No such file or directory
OpenSSL: error:2006D080:BIO routines:...After automatic upgrade to TOS 5.2 (and manual reboot), the OpenVPN server could no longer start and issued these messages:
```
OpenSSL: error:02001002:system library:fopen:No such file or directory
OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Cannot open /etc/dhparam/dh-default.pem for DH parameters
```
As I could see, the `/etc/dhparam/dh-default.pem` file was not present although the configuration file ([openvpn-server_turris.conf](/uploads/c8ebfdbcff6f234ff85ef4887931ebb0/openvpn-server_turris.conf)) refered to it. There was only `/etc/dhparam/dh2048.pem` and `/usr/share/turris-cagen/dhparam.pem`. Copying the latter one to `/etc/dhparam/dh-default.pem` helped to start the server.Turris OS 5.2.1https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/24When interupted, CA generation can't continue2023-05-11T14:41:08+02:00Michal HruseckyWhen interupted, CA generation can't continueI was trying to generate a new CA in 5.2 and because of #23 I lost patience and rebooted the router. Now I have no openssl process running, but the web page still claims that it is generating a CA. Not sure whether foris-controller issue...I was trying to generate a new CA in 5.2 and because of #23 I lost patience and rebooted the router. Now I have no openssl process running, but the web page still claims that it is generating a CA. Not sure whether foris-controller issue or cagen issue, feel fre to move/reassign.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/23dh params generation takes awfully long2021-05-26T22:24:34+02:00Michal Hruseckydh params generation takes awfully longdh params should not be generated when user is creating a ca. It takes awfully long. Those are needed on server only and there is AFAIK no security issue if they are large enough (2048 and more) and well known. This issue was solved a lo...dh params should not be generated when user is creating a ca. It takes awfully long. Those are needed on server only and there is AFAIK no security issue if they are large enough (2048 and more) and well known. This issue was solved a long time ago by dhparam package that used shared big dhparams and started generating its own in the background which then replaced the shared one. To avoid blocking openvpn server setup, so people can start using it in few minutes not in half an hour. In foris controller, it should be quite easy to fix, but needs to resurrect dhparams package.
Caused by turris/foris-controller/foris-controller-openvpn-module!4 and turris/os/packages!606, so assigning @kkocihttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/22VPN server is not accessible after transport protocol change2021-03-08T18:22:59+01:00Vojtech MyslivecVPN server is not accessible after transport protocol change### Steps to reproduce
Tried with reForis on MOX in HBT/TOS 5.1.10
1. Setup default (via UDP) and working OpenVPN server.
2. Restart a router to make sure everything works as expected after reboot
3. Go to reforis, exchange trasport pr...### Steps to reproduce
Tried with reForis on MOX in HBT/TOS 5.1.10
1. Setup default (via UDP) and working OpenVPN server.
2. Restart a router to make sure everything works as expected after reboot
3. Go to reforis, exchange trasport protocol to UDP and click save
Now, OpenVPN server becomes inaccessible - it does not listen on UDP anymore and TCP port 1194 is closed by the firewall.
### Recommended solution
The root cause is IMO in _reloading_ the firewall which leads to not applying the rule to open TCP prot (it also let the UDP port open!). Once I _restart_ the firewall manually via ssh, the openvpn server becomes accessible.
Please also verify that the `openvpn` service is restarted after the change in step 3.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/21The server does not make the IPv6 network behind it accessible2020-12-13T03:01:45+01:00Stepan RechnerThe server does not make the IPv6 network behind it accessibleIt is only possible to access the computers behind the server on IPv4, even if they have IPv6 addresses. And it is not possible to access those computers, which have only IPv6 addresses.
Even in reForis at the server configuration, only...It is only possible to access the computers behind the server on IPv4, even if they have IPv6 addresses. And it is not possible to access those computers, which have only IPv6 addresses.
Even in reForis at the server configuration, only the IPv4 VPN network address can be configured.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/20Server configuration broken after adding client2022-01-18T14:55:09+01:00Lukas JelinekServer configuration broken after adding clientI've create a new client configuration (several older configurations were already there). Then reForis has started to display (on **Server Setting**): _An error occurred while fetching data._
It looks that the configuration contains som...I've create a new client configuration (several older configurations were already there). Then reForis has started to display (on **Server Setting**): _An error occurred while fetching data._
It looks that the configuration contains some unparseable data.
`/var/log/messages` contains lines like these ones:
```log
Dec 6 19:54:20 turris foris-controller[5204]: ERROR:foris_controller_backends.uci:Uci transaction terminated.
Dec 6 19:54:20 turris foris-controller[5204]: ERROR:foris_controller.message_router:Internal error occured <class 'foris_controller.exceptions.UciException'>('['uci', '-n', '-c', '/etc/config/', '-P', '/tmp/.uci-foris-controller', 'export', 'openvpn']: command failed (b'uci: Parse error (invalid character in name field) at line 61, byte 25\n')'):
```
And `/var/log/lighttpd/error.log` contains:
```log
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: [2020-12-06 20:54:20,811] ERROR in backend: Exception in backend occurred. (Controller error(s) has occured:
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: Traceback (most recent call last):
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller/message_router.py", line 117, in process_message
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller/module_base.py", line 61, in perform_action
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_modules/openvpn/__init__.py", line 63, in action_get_settings
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller/utils.py", line 111, in inner
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_modules/openvpn/handlers/openwrt.py", line 61, in get_settings
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/openvpn/__init__.py", line 154, in get_settings
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/uci/__init__.py", line 341, in read
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/uci/__init__.py", line 347, in export_data
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: File "/usr/lib/python3.7/site-packages/foris_controller_backends/uci/__init__.py", line 182, in _run_uci_command
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: foris_controller.exceptions.UciException: ['uci', '-n', '-c', '/etc/config/', '-P', '/tmp/.uci-foris-controller', 'export', 'openvpn']: command failed (b'uci: Parse error (invalid character in name field) at line 61, byte 25\n')
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: Internal error ['uci', '-n', '-c', '/etc/config/', '-P', '/tmp/.uci-foris-controller', 'export', 'openvpn']: command failed (b'uci: Parse error (invalid character in name field) at line 61, byte 25\n')('<class 'foris_controller.exceptions.UciException'>')
2020-12-06 20:54:20: (mod_fastcgi.c.421) FastCGI-stderr: )
```
Device: Turris Omnia
TOS version: 5.1.4 (HBS)https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/19Add ability to configure subnet routed trough host2020-11-27T01:51:52+01:00Karel KociAdd ability to configure subnet routed trough hostBy adding _client-config-dir_ file for given host and by adding `route` and `push route` to server configuration.
This, together with turris/foris-controller/foris-controller-openvpn_client-module#17, should allow site-to-site VPN conne...By adding _client-config-dir_ file for given host and by adding `route` and `push route` to server configuration.
This, together with turris/foris-controller/foris-controller-openvpn_client-module#17, should allow site-to-site VPN connection.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/18udp6/tcp6 combined with IPv4 address in client configuration2021-04-30T14:19:20+02:00Lukas Jelinekudp6/tcp6 combined with IPv4 address in client configurationIf a user check _Listen on IPv6_ it generates `proto udp6` or `tcp6` to client configuration files. But `remote` still contains an IPv4 address. This configuration won't work because it can't resolve IPv4 addresses for IPv6 communication...If a user check _Listen on IPv6_ it generates `proto udp6` or `tcp6` to client configuration files. But `remote` still contains an IPv4 address. This configuration won't work because it can't resolve IPv4 addresses for IPv6 communication.
## Steps to reproduce
1. Check _Listen on IPv6_ on the _OpenVPN -> Server Settings_ page.
2. Generate a client configuration on the _OpenVPN -> Client Registration_ page.
3. Download the configuration and use it in an OpenVPN client.
## Expected behavior
Unfortunately, it can't be determined what _Listen on IPv6_ exactly means (whether IPv4 should be used or not). Because of this, there can be two distinct ways how to work with it.
### IPv6 without IPv4
The checkbox should be available only if IPv6 is enabled and working. If checked, it should generate `proto udp6/tcp6` together with an IPv6 address in `remote`.
### IPv4 + IPv6
Another option should be available to choose which protocol to be used. It should generate `proto` and `remote` for the selected protocol.
## Actual behavior
According to the checkbox state, `proto` contains `udp/tcp` or `udp6/tcp6`. Regardless to the checkbox state, `remote` contains an IPv4 address.foris-controller-openvpn-module: IPv6 fixhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/17Change topology net30 to topology subnet2021-05-03T13:17:11+02:00Jan BetikChange topology net30 to topology subnetBy default, the OpenVPN server sends to the client the option **topology net30**
```
Nov 6 15:58:45 omnia1 openvpn(turris)[8508]: PUSH: Received control message: 'PUSH_REPLY,route 198.18.2.0 255.255.255.0,route 48.0.0.0 255.255.0.0,route...By default, the OpenVPN server sends to the client the option **topology net30**
```
Nov 6 15:58:45 omnia1 openvpn(turris)[8508]: PUSH: Received control message: 'PUSH_REPLY,route 198.18.2.0 255.255.255.0,route 48.0.0.0 255.255.0.0,route 10.111.111.1,topology net30,ping 10,ping-restart 120,ifconfig 10.111.111.6 10.111.111.5,peer-id 0,cipher AES-256-GCM'
```
This option is deprecated and for legacy clients only (year 2014). By configuring the **topology subnet** directive, it makes the routing table easier to read and simplifies the routing.
```
uci set openvpn.server_turris.topology='subnet'
```
```
Nov 6 16:10:42 omnia1 openvpn(turris)[11847]: PUSH: Received control message: 'PUSH_REPLY,route 198.18.2.0 255.255.255.0,route 48.0.0.0 255.255.0.0,route-gateway 10.111.111.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.111.111.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
```
[OpenVPN Topology](https://community.openvpn.net/openvpn/wiki/Topology)Filip HronFilip Hronhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/16remove unicode strings as depraceted by utilizing python32020-11-11T12:13:03+01:00Filip Hronremove unicode strings as depraceted by utilizing python3unicode strings are no longer required in pythonunicode strings are no longer required in pythonFilip HronFilip Hronhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/15Return certificate name within get_client_config api call2020-11-11T12:13:03+01:00Martin MatějekReturn certificate name within get_client_config api callWe should also return certificate name so we could use it on frontend when offering download of such file.
Just add `name` to json schema reply:
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/maste...We should also return certificate name so we could use it on frontend when offering download of such file.
Just add `name` to json schema reply:
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/master/foris_controller_modules/openvpn/schema/openvpn.json#L426
We could reuse or get inspiration by this object:
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/blob/master/foris_controller_modules/openvpn/schema/openvpn.json#L84
Dependency for: turris/reforis/reforis-openvpn#17Filip HronFilip Hronhttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/14set cipher in config2020-12-10T23:33:44+01:00Martin Matějekset cipher in configClient configuration generated in (re)Foris doesn't have `cipher` set.
Some OpenVPN clients (such as Passepartout) refuse to import and use that config.
Simply setting `cipher` in openvpn config will fix this issue.
Support ticket: #1...Client configuration generated in (re)Foris doesn't have `cipher` set.
Some OpenVPN clients (such as Passepartout) refuse to import and use that config.
Simply setting `cipher` in openvpn config will fix this issue.
Support ticket: #1107487https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/13Update push route when LAN subnet changes2021-08-05T22:54:03+02:00Vojtech MyslivecUpdate push route when LAN subnet changesWhen you have OpenVPN server configured and then changed LAN subnet, push route to the LAN segment in the `/etc/config/openvpn` stays with the original LAN subnet.
Changing LAN subnet in the *Foris interface should update OpenVPN push r...When you have OpenVPN server configured and then changed LAN subnet, push route to the LAN segment in the `/etc/config/openvpn` stays with the original LAN subnet.
Changing LAN subnet in the *Foris interface should update OpenVPN push route configuration as well.Foris Controller 2.1.0