SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2021-01-25 14:14 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0003309 | Endian Firewall | OpenVPN Client and Server | public | 2010-11-18 14:45 | 2011-02-28 09:24 | ||||||
| Reporter | slimspy57 | ||||||||||
| Assigned To | peter-endian | ||||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||||
| Status | feedback | Resolution | reopened | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | |||||||||||
| Target Version | Fixed in Version | 2.4.1 | |||||||||
| Summary | 0003309: Can not change port openvpn uses | ||||||||||
| Description | Under the advanced openvpn server settings I tried changing the port Openvpn uses to 4500 and click "save and restart" and it repopulated with port 1194. | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files | |||||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0005161) slimspy57 (reporter) 2010-11-18 14:46 |
this is in the latest 2.4.1 iso release |
|
(0005162) lorenzo-endian (manager) 2010-11-18 15:03 |
Hi slimspy57, I can confirm that this problem exists. Below, the logs in /var/log/openvpn/* : ==> /var/log/openvpn/openvpn.log <== Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4) Nov 18 15:58:17 efw-test04 openvpn[8725]: OpenVPN CLIENT LIST Nov 18 15:58:17 efw-test04 openvpn[8725]: Updated,Thu Nov 18 15:58:17 2010 Nov 18 15:58:17 efw-test04 openvpn[8725]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since Nov 18 15:58:17 efw-test04 openvpn[8725]: ROUTING TABLE Nov 18 15:58:17 efw-test04 openvpn[8725]: Virtual Address,Common Name,Real Address,Last Ref Nov 18 15:58:17 efw-test04 openvpn[8725]: GLOBAL STATS Nov 18 15:58:17 efw-test04 openvpn[8725]: Max bcast/mcast queue length,0 Nov 18 15:58:17 efw-test04 openvpn[8725]: END Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4) Nov 18 15:58:17 efw-test04 openvpn[8725]: SIGTERM[hard,] received, process exiting Nov 18 15:58:18 efw-test04 openvpn[8844]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010 Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate Nov 18 15:58:18 efw-test04 openvpn[8844]: TUN/TAP device tap0 opened Nov 18 15:58:18 efw-test04 openvpn[8846]: GID set to openvpn Nov 18 15:58:18 efw-test04 openvpn[8846]: UID set to openvpn Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194 Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link remote: [undef] Nov 18 15:58:18 efw-test04 openvpn[8846]: Initialization Sequence Completed ==> /var/log/openvpn/openvpn-status.log <== OpenVPN CLIENT LIST Updated,Thu Nov 18 15:58:19 2010 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since ROUTING TABLE Virtual Address,Common Name,Real Address,Last Ref GLOBAL STATS Max bcast/mcast queue length,0 END Thanks for the info provided! Lo |
|
(0005301) zioparente (reporter) 2010-12-05 10:43 |
I suggest you to configure in the Firewall Menu a "port forwarding / NAT" rule to redirect traffic from the UDP port 4500 to the UDP port 1194 instead of changing the port associated with the OpenVPN service. ZioParente. |
|
(0005761) tilman (reporter) 2011-02-28 09:24 |
Release: Endian Firewall Community release 2.4.1 - Portforwarding is not an option while we're using TCP (443). I've checked a littlebit arround and found this: /var/efw/openvpn/settings: .. PORT=1194 PROTOCOL=udp /var/efw/openvpn/default/settings: .. OPENVPN_PROTOCOL=udp OPENVPN_PORT=1194 /home/httpd/cgi-bin/openvpn_advanced.cgi: ... $port = $conf->{OPENVPN_PORT}; $protocol = $conf->{OPENVPN_PROTOCOL}; could it be, that there's a variable mismatch between PORT/PROTOCOL and OPENVPN_PORT/PROTOCOL ? I have configured the variables within the files to TCP and Port 443 (/var/efw/openvpn/settings, /var/efw/openvpn/default/settings). After this configuration the openvpn server runs well: root@XXX:/var/efw/openvpn # netstat -a | grep *:https tcp 0 0 *:https *:* LISTEN OpenVPN.log: Feb 28 09:47:13 XXX openvpn[1469]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010 Feb 28 09:47:13 XXX openvpn[1469]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to Feb 28 09:47:13 XXX openvpn[1469]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 28 09:47:13 XXX openvpn[1469]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion Feb 28 09:47:13 XXX openvpn[1469]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible Feb 28 09:47:13 XXX openvpn[1469]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate Feb 28 09:47:13 XXX openvpn[1469]: TUN/TAP device tap0 opened Feb 28 09:47:13 XXX openvpn[1471]: GID set to openvpn Feb 28 09:47:13 XXX openvpn[1471]: UID set to openvpn Feb 28 09:47:13 XXX openvpn[1471]: Listening for incoming TCP connection on [undef]:443 Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link local (bound): [undef]:443 Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link remote: [undef] Feb 28 09:47:13 XXX openvpn[1471]: Initialization Sequence Completed |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-11-18 14:45 | slimspy57 | New Issue | |
| 2010-11-18 14:46 | slimspy57 | Note Added: 0005161 | |
| 2010-11-18 15:03 | lorenzo-endian | Note Added: 0005162 | |
| 2010-11-18 15:03 | lorenzo-endian | Assigned To | => lorenzo-endian |
| 2010-11-18 15:03 | lorenzo-endian | Status | new => confirmed |
| 2010-11-23 06:46 | lorenzo-endian | Status | confirmed => new |
| 2010-11-23 06:46 | lorenzo-endian | Assigned To | lorenzo-endian => simon-endian |
| 2010-11-23 06:46 | lorenzo-endian | Status | new => confirmed |
| 2010-12-05 10:43 | zioparente | Note Added: 0005301 | |
| 2011-01-04 07:58 | ra-endian | Relationship added | duplicate of 0003410 |
| 2011-02-01 15:41 | lorenzo-endian | Customer Occurencies | => 0 |
| 2011-02-01 15:41 | lorenzo-endian | Assigned To | simon-endian => peter-endian |
| 2011-02-18 14:45 | ra-endian | Status | confirmed => closed |
| 2011-02-18 14:45 | ra-endian | Resolution | open => fixed |
| 2011-02-18 14:45 | ra-endian | Fixed in Version | => 2.4.1 |
| 2011-02-28 09:24 | tilman | Note Added: 0005761 | |
| 2011-02-28 09:24 | tilman | Status | closed => feedback |
| 2011-02-28 09:24 | tilman | Resolution | fixed => reopened |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |