ID | Project | Category | View Status | Date Submitted | Last Update
0000822 | ClearOS | app-openvpn - OpenVPN | public | 2012-11-16 08:53 | 2013-03-10 10:44
Reporter | NickH
Assigned To | user2
Priority | normal | Severity | tweak | Reproducibility | always
Status | closed | Resolution | fixed
Platform | OS | ClearOS | OS Version | 6.3
Product Version | 6.3.0
Target Version | 6.4.0 Beta 2 | Fixed in Version | 6.4.0 Beta 2
Summary | 0000822: /var/lib/openvpn/ipp.txt not populated
Description | Normally remote users and IP addresses should get recorded in /var/lib/openvpn/ipp.txt to be re-used where possible by OpenVPN. Currently the file is not being populated. It could be due to the permissions which are 600, but OpenVPN runs under user "nobody" so is unable to write to the file. If you change the permissions to 666 the file gets populated as users connect.
Steps To Reproduce |
Install OpenVPN and have users connect remotely.
/var/lib/openvpn/ipp.txt stays empty.
Stop OpenVPN.
Change file permissions to 666.
Restart OpenVPN.
Get users to connect remotely.
The file now gets populated. Presumably remote users now effectively have quasi-static leases for their OpenVPN IPs as they used to in 5.2.
Additional Information | This bug is odd as OpenVPN also runs under user "nobody" in 5.2 and the file permissions are the same, but in 5.2 the file gets populated. The only obvious difference I can see in the installations is the handling of "script_security" in the 6.3 init file but reading the bugzilla report, I don't think it is relevant. I don't think the same problem exists with /var/lib/openvpn/openvpn-status.log.
Tags | No tags attached.
Attached Files |
Notes
(0000584) user2 2012-11-19 12:39 |
It looks like the file is only updated after 10 minute intervals? That seems a bit weird. Here's the man page on the topic:

--ifconfig-pool-persist file [seconds]
    Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600), as well as on program startup and shutdown. The goal of this option is to provide a long-term association between clients (denoted by their common name) and the virtual IP address assigned to them from the ifconfig-pool. Maintaining a long-term association is good for clients because it allows them to effectively use the --persist-tun option.

When I changed the default to 10 seconds, the ipp.txt was populated (even with the restrictive file permissions). Can you verify the same behavior?
(0000585) NickH (developer) 2012-11-20 12:17 |
I can confirm that changing the line in clients.conf to "ifconfig-pool-persist /var/lib/openvpn/ipp.txt 10" and reverting the permissions to default works. It also works with 600 explicitly set i.e. "ifconfig-pool-persist /var/lib/openvpn/ipp.txt 600". To me the fix would be to add 600 to the end of the line if there is not already a value there. (A simple sed script?) |
(0000586) user2 2012-11-20 12:30 |
Thanks for the follow up! Yup, we'll add a fix to the upgrade script. |
(0000614) user2 2012-12-14 11:18 |
SVN 5191 |
(0000685) NickH (developer) 2013-02-02 15:25 |
I'm not sure we're there yet and I'm wondering if it is an OpenVPN bug. I'll try to do more research. ipp.txt now seems to be populated but gets cleared when the user logs off. I had a look a few days ago and had to change the permissions to 666 to see any values in the file but have not investigated further. |
(0000686) NickH (developer) 2013-02-04 06:03 |
Have a look at this redhat bug: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=789342. I think it applies to us because of clients.conf and clients-tcp.conf which both use the same ipp.txt file (and the same server subnet which is another unfiled bug but has been reported on the forum). |
(0000687) user2 2013-02-04 09:13 |
Ah yes, good catch! |
(0000696) NickH (developer) 2013-02-05 14:47 |
I've changed the line in clients.conf back to "ifconfig-pool-persist /var/lib/openvpn/ipp.txt" and changed the line in clients-tcp.conf to "ifconfig-pool-persist /var/lib/openvpn/ipp-tcp.txt". I have not used any time parameter. Having done this it now looks like my ipp.txt is populating on its own. Also openvpn created the file /var/lib/openvpn/ipp-tcp.txt on its own. Both are using 600 permissions owned by root. So far so good. Can I suggest that if a bug fix is pushed, a comment line is added to the conf file as well to the effect that this file name must be different in every conf file? (ditto the server IP/subnet) |
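The collision discussed in notes 0000686 and 0000696, as an added example that is not part of the thread or of the ClearOS code base: a Python check that flags OpenVPN server configs sharing one ifconfig-pool-persist file or an overlapping server subnet. The config bodies are constructed samples; only the file names and persist paths come from the thread, and the 10.8.0.0/24 subnet is an assumed value.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed samples modelled on the thread, not the shipped ClearOS files.
# The 10.8.0.0/24 subnet is an assumed value.
SAMPLE_CONFIGS = {
    "clients.conf": """
# UDP instance
proto udp
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/lib/openvpn/ipp.txt
""",
    "clients-tcp.conf": """
; TCP instance
proto tcp
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 600
""",
}

def directives(text):
    """Yield (name, args) per config line, skipping '#' and ';' comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)
            if parts:
                yield parts[0], parts[1:]

def audit(configs):
    """Return (persist files used by >1 config, overlapping server subnets)."""
    persist, nets = defaultdict(list), []
    for name, text in configs.items():
        for key, args in directives(text):
            if key == "ifconfig-pool-persist" and args:
                persist[args[0]].append(name)  # args[1], if any, is the interval
            elif key == "server" and len(args) >= 2:
                nets.append((name, ipaddress.ip_network(f"{args[0]}/{args[1]}")))
    shared = {path: names for path, names in persist.items() if len(names) > 1}
    overlaps = [(a, b) for i, (a, na) in enumerate(nets)
                for b, nb in nets[i + 1:] if na.overlaps(nb)]
    return shared, overlaps

if __name__ == "__main__":
    shared, overlaps = audit(SAMPLE_CONFIGS)
    for path, names in shared.items():
        print(f"shared persist file {path}: {', '.join(names)}")
    for a, b in overlaps:
        print(f"overlapping server subnets: {a} and {b}")
```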
(0000697) user2 2013-02-05 17:00 edited on: 2013-02-05 17:01 |
Follow up to comment 614

Source Code Changelog
---------------------------------------------------
- Updated ifconfig-pool-persist parameter to improve ipp.txt handling [tracker 0000822]

File Changes
---------------------------------------------------
Details: http://code.clearfoundation.com/svn/revision.php?repname=ClearOS&rev=5191
U webconfig/apps/openvpn/trunk/deploy/info.php
U webconfig/apps/openvpn/trunk/deploy/upgrade
U webconfig/apps/openvpn/trunk/packaging/app-openvpn.spec
U webconfig/apps/openvpn/trunk/packaging/clients-tcp.conf
U webconfig/apps/openvpn/trunk/packaging/clients.conf
(0000698) user2 2013-02-05 17:06 |
Will target for the next release: 6.4.0 Beta 2, but the fix can be backported if upstream 6.4 does not appear soon. |
(0000699) user2 2013-02-07 15:29 |
Source Code Changelog
---------------------------------------------------
- Changed ifconfig-pool-persist filename for TCP mode [tracker 0000822]

File Changes
---------------------------------------------------
Details: http://code.clearfoundation.com/svn/revision.php?repname=ClearOS&rev=5621
U webconfig/apps/openvpn/trunk/deploy/upgrade
U webconfig/apps/openvpn/trunk/packaging/clients-tcp.conf
U webconfig/apps/openvpn/trunk/packaging/clients.conf
Issue History
Date Modified | Username | Field | Change |
2012-11-16 08:53 | NickH | New Issue | |
2012-11-19 07:24 | user2 | Status | new => confirmed |
2012-11-19 12:39 | user2 | Note Added: 0000584 | |
2012-11-20 12:17 | NickH | Note Added: 0000585 | |
2012-11-20 12:30 | user2 | Note Added: 0000586 | |
2012-12-14 11:18 | user2 | Note Added: 0000614 | |
2012-12-14 11:18 | user2 | Status | confirmed => resolved |
2012-12-14 11:18 | user2 | Fixed in Version | => 6.4.0 Beta 1 |
2012-12-14 11:18 | user2 | Resolution | open => fixed |
2012-12-14 11:18 | user2 | Assigned To | => user2 |
2013-02-02 12:19 | user2 | Status | resolved => closed |
2013-02-02 15:25 | NickH | Note Added: 0000685 | |
2013-02-02 15:25 | NickH | Status | closed => feedback |
2013-02-02 15:25 | NickH | Resolution | fixed => reopened |
2013-02-04 06:03 | NickH | Note Added: 0000686 | |
2013-02-04 06:03 | NickH | Status | feedback => assigned |
2013-02-04 09:13 | user2 | Note Added: 0000687 | |
2013-02-05 14:47 | NickH | Note Added: 0000696 | |
2013-02-05 17:00 | user2 | Checkin | |
2013-02-05 17:00 | user2 | Note Added: 0000697 | |
2013-02-05 17:01 | user2 | Note Edited: 0000697 | View Revisions |
2013-02-05 17:06 | user2 | Note Added: 0000698 | |
2013-02-05 17:06 | user2 | Fixed in Version | 6.4.0 Beta 1 => |
2013-02-05 17:06 | user2 | Target Version | => 6.4.0 Beta 2 |
2013-02-07 15:03 | user2 | Category | openvpn => app-openvpn - OpenVPN |
2013-02-07 15:29 | user2 | Checkin | |
2013-02-07 15:29 | user2 | Note Added: 0000699 | |
2013-02-07 15:31 | user2 | Status | assigned => resolved |
2013-02-07 15:31 | user2 | Fixed in Version | => 6.4.0 Beta 2 |
2013-02-07 15:31 | user2 | Resolution | reopened => fixed |
2013-03-10 10:44 | user2 | Status | resolved => closed |