0003309: Can not change port openvpn uses - MantisBT
MantisBT - Endian Firewall
View Issue Details
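ID: 0003309
Project: Endian Firewall
Category: OpenVPN Client and Server
View Status: public
Date Submitted: 2010-11-18 14:45
Last Update: 2011-02-28 09:24
Reporter: slimspy57
Assigned To: peter-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: feedback
Resolution: reopened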
2.4.1 
0003309: Can not change port openvpn uses
Under the advanced OpenVPN server settings I tried changing the port OpenVPN uses to 4500 and clicked "save and restart", and it repopulated with port 1194.
No tags attached.
duplicate of 0003410 | closed | peter-endian | OpenVPN could not change port or protocol
Issue History
2010-11-18 14:45 | slimspy57 | New Issue
2010-11-18 14:46 | slimspy57 | Note Added: 0005161
2010-11-18 15:03 | lorenzo-endian | Note Added: 0005162
2010-11-18 15:03 | lorenzo-endian | Assigned To: => lorenzo-endian
2010-11-18 15:03 | lorenzo-endian | Status: new => confirmed
2010-11-23 06:46 | lorenzo-endian | Status: confirmed => new
2010-11-23 06:46 | lorenzo-endian | Assigned To: lorenzo-endian => simon-endian
2010-11-23 06:46 | lorenzo-endian | Status: new => confirmed
2010-12-05 10:43 | zioparente | Note Added: 0005301
2011-01-04 07:58 | ra-endian | Relationship added: duplicate of 0003410
2011-02-01 15:41 | lorenzo-endian | Customer Occurencies: => 0
2011-02-01 15:41 | lorenzo-endian | Assigned To: simon-endian => peter-endian
2011-02-18 14:45 | ra-endian | Status: confirmed => closed
2011-02-18 14:45 | ra-endian | Resolution: open => fixed
2011-02-18 14:45 | ra-endian | Fixed in Version: => 2.4.1
2011-02-28 09:24 | tilman | Note Added: 0005761
2011-02-28 09:24 | tilman | Status: closed => feedback
2011-02-28 09:24 | tilman | Resolution: fixed => reopened

Notes
(0005161)
slimspy57   
2010-11-18 14:46   
This is in the latest 2.4.1 ISO release.
(0005162)
lorenzo-endian   
2010-11-18 15:03   
Hi slimspy57,

I can confirm that this problem exists.

Below, the logs in /var/log/openvpn/* :


==> /var/log/openvpn/openvpn.log <==
Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4)
Nov 18 15:58:17 efw-test04 openvpn[8725]: OpenVPN CLIENT LIST
Nov 18 15:58:17 efw-test04 openvpn[8725]: Updated,Thu Nov 18 15:58:17 2010
Nov 18 15:58:17 efw-test04 openvpn[8725]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Nov 18 15:58:17 efw-test04 openvpn[8725]: ROUTING TABLE
Nov 18 15:58:17 efw-test04 openvpn[8725]: Virtual Address,Common Name,Real Address,Last Ref
Nov 18 15:58:17 efw-test04 openvpn[8725]: GLOBAL STATS
Nov 18 15:58:17 efw-test04 openvpn[8725]: Max bcast/mcast queue length,0
Nov 18 15:58:17 efw-test04 openvpn[8725]: END
Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4)
Nov 18 15:58:17 efw-test04 openvpn[8725]: SIGTERM[hard,] received, process exiting
Nov 18 15:58:18 efw-test04 openvpn[8844]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Nov 18 15:58:18 efw-test04 openvpn[8844]: TUN/TAP device tap0 opened
Nov 18 15:58:18 efw-test04 openvpn[8846]: GID set to openvpn
Nov 18 15:58:18 efw-test04 openvpn[8846]: UID set to openvpn
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link remote: [undef]
Nov 18 15:58:18 efw-test04 openvpn[8846]: Initialization Sequence Completed

==> /var/log/openvpn/openvpn-status.log <==
OpenVPN CLIENT LIST
Updated,Thu Nov 18 15:58:19 2010
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END


Thanks for the info provided!

Lo
(0005301)
zioparente   
2010-12-05 10:43   
I suggest you configure a "port forwarding / NAT" rule in the Firewall menu to redirect traffic from UDP port 4500 to UDP port 1194, instead of changing the port associated with the OpenVPN service.

ZioParente.
(0005761)
tilman   
2011-02-28 09:24   
Release: Endian Firewall Community release 2.4.1

- Port forwarding is not an option while we're using TCP (443).

I've checked around a little bit and found this:

/var/efw/openvpn/settings:
..
PORT=1194
PROTOCOL=udp

/var/efw/openvpn/default/settings:
..
OPENVPN_PROTOCOL=udp
OPENVPN_PORT=1194

/home/httpd/cgi-bin/openvpn_advanced.cgi:
...
    $port = $conf->{OPENVPN_PORT};
    $protocol = $conf->{OPENVPN_PROTOCOL};


Could it be that there's a variable mismatch between PORT/PROTOCOL and OPENVPN_PORT/PROTOCOL?

I have configured the variables within the files to TCP and Port 443
(/var/efw/openvpn/settings, /var/efw/openvpn/default/settings).

After this configuration the openvpn server runs well:

root@XXX:/var/efw/openvpn # netstat -a | grep *:https
tcp 0 0 *:https *:* LISTEN

OpenVPN.log:

Feb 28 09:47:13 XXX openvpn[1469]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Feb 28 09:47:13 XXX openvpn[1469]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Feb 28 09:47:13 XXX openvpn[1469]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Feb 28 09:47:13 XXX openvpn[1469]: TUN/TAP device tap0 opened
Feb 28 09:47:13 XXX openvpn[1471]: GID set to openvpn
Feb 28 09:47:13 XXX openvpn[1471]: UID set to openvpn
Feb 28 09:47:13 XXX openvpn[1471]: Listening for incoming TCP connection on [undef]:443
Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link local (bound): [undef]:443
Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link remote: [undef]
Feb 28 09:47:13 XXX openvpn[1471]: Initialization Sequence Completed
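
Added example, not part of the ticket and not Endian's code: a shell check that compares the port and protocol in a KEY=value settings file with the endpoint OpenVPN reports in its "link local (bound)" log line, and lists the startup WARNING lines that deserve follow-up. The function names, the acceptance of either key spelling (PORT or OPENVPN_PORT), and the sample settings and log text are assumptions constructed for illustration.

```shell
# Constructed sample: the port the reporter wanted, in KEY=value form.
SAMPLE_SETTINGS='OPENVPN_PROTOCOL=udp
OPENVPN_PORT=4500'

# Constructed sample: three startup lines in the format quoted in the ticket.
SAMPLE_LOG=$(cat <<'EOF'
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194
EOF
)

# setting_value KEY TEXT: value of the last KEY=... line, empty if absent.
setting_value() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }'
}

# bound_endpoint LOG: "proto port" from the last "link local (bound)" line.
bound_endpoint() {
    printf '%s\n' "$1" | awk '
        /link local \(bound\)/ {
            proto = ($0 ~ /TCPv4/) ? "tcp" : "udp"
            port = $NF; sub(/.*:/, "", port)
        }
        END { if (port != "") print proto, port }'
}

# check_applied SETTINGS LOG: status 1 when the bound endpoint differs.
# Assumption: either key spelling from the ticket may hold the value.
check_applied() {
    want_port=$(setting_value OPENVPN_PORT "$1")
    [ -n "$want_port" ] || want_port=$(setting_value PORT "$1")
    want_proto=$(setting_value OPENVPN_PROTOCOL "$1")
    [ -n "$want_proto" ] || want_proto=$(setting_value PROTOCOL "$1")
    got=$(bound_endpoint "$2")
    if [ "$got" = "$want_proto $want_port" ]; then
        echo "OK: listening on $got"
    else
        echo "MISMATCH: configured '$want_proto $want_port', bound '$got'"
        return 1
    fi
}

# startup_warnings LOG: the WARNING messages OpenVPN printed at start.
startup_warnings() {
    printf '%s\n' "$1" | sed -n 's/^.*openvpn\[[0-9]*]: \(WARNING: .*\)$/\1/p'
}
check_applied "$SAMPLE_SETTINGS" "$SAMPLE_LOG" || true
startup_warnings "$SAMPLE_LOG"
```

On a live system the two arguments would be the contents of the settings file and of /var/log/openvpn/openvpn.log, read after a "save and restart".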