0003309: Can not change port openvpn uses - MantisBT Endian Bugtracker
Endian Issue Tracker


View Issue Details
ID: 0003309
Project: Endian Firewall
Category: OpenVPN Client and Server
View Status: public
Date Submitted: 2010-11-18 14:45
Last Update: 2011-02-28 09:24
Reporter: slimspy57
Assigned To: peter-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: feedback
Resolution: reopened
Platform, OS, OS Version, Product Version, Target Version: (empty)
Fixed in Version: 2.4.1
Summary: 0003309: Can not change port openvpn uses
Description: Under the advanced OpenVPN server settings I tried changing the port OpenVPN uses to 4500 and clicked "save and restart", and it repopulated with port 1194.
Tags: No tags attached.
Attached Files

- Relationships
duplicate of 0003410 (closed, peter-endian): OpenVPN could not change port or protocol

-  Notes
(0005161)
slimspy57 (reporter)
2010-11-18 14:46

This is in the latest 2.4.1 ISO release.

(0005162)
lorenzo-endian (manager)
2010-11-18 15:03

Hi slimspy57,

I can confirm that this problem exists.

Below, the logs in /var/log/openvpn/* :


==> /var/log/openvpn/openvpn.log <==
Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4)
Nov 18 15:58:17 efw-test04 openvpn[8725]: OpenVPN CLIENT LIST
Nov 18 15:58:17 efw-test04 openvpn[8725]: Updated,Thu Nov 18 15:58:17 2010
Nov 18 15:58:17 efw-test04 openvpn[8725]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Nov 18 15:58:17 efw-test04 openvpn[8725]: ROUTING TABLE
Nov 18 15:58:17 efw-test04 openvpn[8725]: Virtual Address,Common Name,Real Address,Last Ref
Nov 18 15:58:17 efw-test04 openvpn[8725]: GLOBAL STATS
Nov 18 15:58:17 efw-test04 openvpn[8725]: Max bcast/mcast queue length,0
Nov 18 15:58:17 efw-test04 openvpn[8725]: END
Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4)
Nov 18 15:58:17 efw-test04 openvpn[8725]: SIGTERM[hard,] received, process exiting
Nov 18 15:58:18 efw-test04 openvpn[8844]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Nov 18 15:58:18 efw-test04 openvpn[8844]: TUN/TAP device tap0 opened
Nov 18 15:58:18 efw-test04 openvpn[8846]: GID set to openvpn
Nov 18 15:58:18 efw-test04 openvpn[8846]: UID set to openvpn
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link remote: [undef]
Nov 18 15:58:18 efw-test04 openvpn[8846]: Initialization Sequence Completed

==> /var/log/openvpn/openvpn-status.log <==
OpenVPN CLIENT LIST
Updated,Thu Nov 18 15:58:19 2010
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END


Thanks for the info provided!

Lo

(0005301)
zioparente (reporter)
2010-12-05 10:43

I suggest you configure a "port forwarding / NAT" rule in the Firewall menu to redirect traffic from UDP port 4500 to UDP port 1194 instead of changing the port associated with the OpenVPN service.

ZioParente.

(0005761)
tilman (reporter)
2011-02-28 09:24

Release: Endian Firewall Community release 2.4.1

- Port forwarding is not an option while we're using TCP (443).

I've checked around a little bit and found this:

/var/efw/openvpn/settings:
..
PORT=1194
PROTOCOL=udp

/var/efw/openvpn/default/settings:
..
OPENVPN_PROTOCOL=udp
OPENVPN_PORT=1194

/home/httpd/cgi-bin/openvpn_advanced.cgi:
...
    $port = $conf->{OPENVPN_PORT};
    $protocol = $conf->{OPENVPN_PROTOCOL};


Could it be that there's a variable mismatch between PORT/PROTOCOL and OPENVPN_PORT/PROTOCOL?

I have configured the variables within the files to TCP and Port 443
(/var/efw/openvpn/settings, /var/efw/openvpn/default/settings).

After this configuration the openvpn server runs well:

root@XXX:/var/efw/openvpn # netstat -a | grep *:https
tcp 0 0 *:https *:* LISTEN

OpenVPN.log:

Feb 28 09:47:13 XXX openvpn[1469]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Feb 28 09:47:13 XXX openvpn[1469]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Feb 28 09:47:13 XXX openvpn[1469]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Feb 28 09:47:13 XXX openvpn[1469]: TUN/TAP device tap0 opened
Feb 28 09:47:13 XXX openvpn[1471]: GID set to openvpn
Feb 28 09:47:13 XXX openvpn[1471]: UID set to openvpn
Feb 28 09:47:13 XXX openvpn[1471]: Listening for incoming TCP connection on [undef]:443
Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link local (bound): [undef]:443
Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link remote: [undef]
Feb 28 09:47:13 XXX openvpn[1471]: Initialization Sequence Completed
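
An added example, not part of the tracker thread or of Endian's code: a check that compares the port and protocol in the settings files with what OpenVPN reports as bound in its log, and collects the WARNING lines seen in the logs above. The function names are hypothetical, the sample inputs are constructed, and it assumes `settings` overrides `default/settings` and that either key spelling (PORT or OPENVPN_PORT) may appear.

```python
import re

# Constructed sample inputs modelled on the file contents and log lines quoted in this issue.
SETTINGS = "..\nPORT=443\nPROTOCOL=tcp\n"
DEFAULTS = "..\nOPENVPN_PROTOCOL=udp\nOPENVPN_PORT=1194\n"
LOG = """\
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194
"""

BOUND = re.compile(r"(UDP|TCP)v4\w* link local \(bound\): \S*:(\d+)\s*$")

def parse_kv(text):
    """Parse KEY=VALUE lines, skipping blanks, comments and '..' placeholders."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip()
    return out

def lookup(conf, name):
    """Accept either spelling seen in the issue: PORT or OPENVPN_PORT."""
    return conf.get(name, conf.get("OPENVPN_" + name))

def effective(settings, defaults):
    """Assumption: values in settings take precedence over default/settings."""
    s, d = parse_kv(settings), parse_kv(defaults)
    port = lookup(s, "PORT") or lookup(d, "PORT")
    proto = lookup(s, "PROTOCOL") or lookup(d, "PROTOCOL")
    if not port or not proto:
        raise ValueError("port/protocol not configured")
    return (proto.lower(), int(port))

def last_bound(log):
    """Return (proto, port) from the most recent 'link local (bound)' line, or None."""
    hit = None
    for line in log.splitlines():
        m = BOUND.search(line)
        if m:
            hit = (m.group(1).lower(), int(m.group(2)))
    return hit

def audit(settings, defaults, log):
    want, got = effective(settings, defaults), last_bound(log)
    warnings = [l.split("WARNING: ", 1)[1] for l in log.splitlines() if "WARNING: " in l]
    return {"configured": want, "bound": got, "drift": want != got, "warnings": warnings}
```

A `drift` of True after a restart is the symptom reported in this issue: the daemon is listening somewhere other than where the configuration, and any firewall rules derived from it, say it is.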

- Issue History
Date Modified Username Field Change
2010-11-18 14:45 slimspy57 New Issue
2010-11-18 14:46 slimspy57 Note Added: 0005161
2010-11-18 15:03 lorenzo-endian Note Added: 0005162
2010-11-18 15:03 lorenzo-endian Assigned To => lorenzo-endian
2010-11-18 15:03 lorenzo-endian Status new => confirmed
2010-11-23 06:46 lorenzo-endian Status confirmed => new
2010-11-23 06:46 lorenzo-endian Assigned To lorenzo-endian => simon-endian
2010-11-23 06:46 lorenzo-endian Status new => confirmed
2010-12-05 10:43 zioparente Note Added: 0005301
2011-01-04 07:58 ra-endian Relationship added duplicate of 0003410
2011-02-01 15:41 lorenzo-endian Customer Occurencies => 0
2011-02-01 15:41 lorenzo-endian Assigned To simon-endian => peter-endian
2011-02-18 14:45 ra-endian Status confirmed => closed
2011-02-18 14:45 ra-endian Resolution open => fixed
2011-02-18 14:45 ra-endian Fixed in Version => 2.4.1
2011-02-28 09:24 tilman Note Added: 0005761
2011-02-28 09:24 tilman Status closed => feedback
2011-02-28 09:24 tilman Resolution fixed => reopened
