2.25 core 145 testing, OpenVPN metrics HTTP 500

Hi,
the new OpenVPN metrics page does not work for me. HTTP error 500 “internal server error” is displayed at /cgi-bin/logs.cgi/ovpnclients.dat

My httpd/error.log (edit: VPN IP removed)
```
[Tue May 26 00:01:39.879284 2020] [mpm_event:notice] [pid 3342:tid 134457884996288] AH00489: Apache/2.4.43 (Unix) OpenSSL/1.1.1g configured -- resuming normal operations
DBD::SQLite::db prepare failed: no such table: sessions at /srv/web/ipfire/cgi-bin/logs.cgi/ovpnclients.dat line 150.
DBD::SQLite::db prepare failed: no such table: sessions at /srv/web/ipfire/cgi-bin/logs.cgi/ovpnclients.dat line 150.
[Tue May 26 00:40:40.388244 2020] [cgid:error] [pid 3347:tid 134457776404224] [client (my-pc):64155] End of script output before headers: ovpnclients.dat, referer: https://(my-ipfire):444/
```

Core Update 145 Development Build: master/91b23ce0

Regards

+1

+1

From 144 stable to 145 testing
and
from scratch 145 testing ISO

This has already been fixed if you reinstall the update from unstable:

https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=75bb55e716f57667d6a34a99f15fc0cdacc1081b

I do not get what you are trying to say…

I applied the patch manually and can confirm that it works properly now:

@pike_it I don’t get it either… I can’t/won’t update my IPfire box to the “unstable” branch (for obvious reasons), so this right here is the most up-to-date testing feedback I can provide. I don’t see what’s wrong with that.

Also fixed page.

But I have been testing and no connection appears. What can I look at?

Thank you Michael. :+1:

I have been doing more tests without result, no data appears.

```
17:41:45 openvpnserver[3050]: Portatil/xxx.xxx.xxx.xxx:7861 SENT CONTROL [Portatil]: 'PUSH_REPLY,route 10.113.239.1,topology net30,route 10.254.0.0 255.255.255.0,ifconfig 10.113.239.6 10.113.239.5,peer-id 0' (status=1)
17:41:45 openvpnserver[3050]: Portatil/xxx.xxx.xxx.xxx:7861 PUSH: Received control message: 'PUSH_REQUEST'
17:41:44 openvpnserver[3050]: Portatil/xxx.xxx.xxx.xxx:7861 MULTI: primary virtual IP for Portatil/xxx.xxx.xxx.xxx:7861: 10.113.239.6
17:41:44 openvpnserver[3050]: Portatil/xxx.xxx.xxx.xxx:7861 MULTI: Learn: 10.113.239.6 -> Portatil/xxx.xxx.xxx.xxx:7861
17:41:44 openvpnserver[3050]: Portatil/xxx.xxx.xxx.xxx:7861 MULTI_sva: pool returned IPv4=10.113.239.6, IPv6=(Not enabled)
17:41:44 openvpnserver[3050]: Portatil/xxx.xxx.xxx.xxx:7861 OPTIONS IMPORT: reading client specific options from: /var/ipfire/ovpn/ccd/Portatil
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 [Portatil] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx.56:7861
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_GUI_VER=OpenVPN_GUI_11
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_TCPNL=1
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_COMP_STUBv2=1
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_COMP_STUB=1
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_LZO=1
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_LZ4v2=1
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_LZ4=1
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_NCP=2
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_PROTO=2
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_PLAT=win
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 peer info: IV_VER=2.4.7
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 VERIFY OK: depth=0, C=ES, ST=Bizkaia, O=North Secure, OU=North Secure, CN=Portatil
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 VERIFY SCRIPT OK: depth=0, C=ES, ST=Bizkaia, O=North Secure, OU=North Secure, CN=Portatil
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 VERIFY OK: depth=1, C=ES, ST=Bizkaia, L=Derio, O=North Secure, OU=Informatica, CN=North Secure CA, emailAddress=contacto@northsecure.es
17:41:44 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 VERIFY SCRIPT OK: depth=1, C=ES, ST=Bizkaia, L=Derio, O=North Secure, OU=Informatica, CN=North Secure CA, emailAddress=contacto@northsecure.es
17:41:43 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:7861, sid=8831bd78 93fc1498
17:41:43 openvpnserver[3050]: xxx.xxx.xxx.xxx:7861 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
17:11:57 openvpnserver[3050]: Telefono/xxx.xxx.xxx.xxx:19705 SIGTERM[soft,remote-exit] received, client-instance exiting
17:11:49 openvpnserver[3050]: Telefono/xxx.xxx.xxx.xxx:19705 AEAD Decrypt error: bad packet ID (may be a replay): [ #9 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
```

And this is what appears:

Logically, I have closed the connection, and nothing appears, even after waiting for a while.

I have tried with both that I have without result.

Any ideas?

Regards.

Does your OpenVPN server configuration file have the lines that call the metrics script? Those should be the last two lines.

Hi Michael. Thanks for the reply.

This is my server config file:

```
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local xxxxxxxxxxx.dedyn.io
dev tun
proto udp
port 1194
script-security 3
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
server 10.113.239.0 255.255.255.0
tun-mtu 1400
route 10.149.60.0 255.255.255.0
status-version 1
status /var/run/ovpnserver.log 30
ncp-disable
cipher AES-256-GCM
auth SHA256
max-clients 100
tls-verify /usr/lib/openvpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3
```

I do not see anything.

Regards.

My server.conf also contains these lines:

```
# Log clients connecting/disconnecting
client-connect "/usr/sbin/openvpn-metrics client-connect"
client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"
```

Edit: Typo. Still getting used to this English thing…
I’m not sure if these lines were added automatically during the update? I created & deleted a test client to try if this would fix the HTTP 500 issue. Which might have caused OpenVPN to re-write the server.conf.
Try changing/saving the server options, this should re-write the server.conf and add the missing lines.

1 Like
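The condition diagnosed in the post above can be checked mechanically. This is an added example, not part of the original posts and not IPFire code: it reports whether a server.conf has active `client-connect` and `client-disconnect` hooks calling `/usr/sbin/openvpn-metrics`, and whether `script-security` lets OpenVPN run them. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IPFire code): audit server.conf for the metrics hooks.

# Print the arguments of the last active occurrence of directive $2 in file $1.
# OpenVPN treats lines starting with '#' or ';' as comments.
directive_value() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$1"
}

# Return 0 only if both hooks call openvpn-metrics and scripts may run.
check_metrics_hooks() {
    conf=$1; rc=0
    for hook in client-connect client-disconnect; do
        val=$(directive_value "$conf" "$hook")
        case $val in
            *"/usr/sbin/openvpn-metrics $hook"*) ;;
            "") echo "MISSING: $hook"; rc=1 ;;
            *)  echo "UNEXPECTED: $hook $val"; rc=1 ;;
        esac
    done
    level=$(directive_value "$conf" script-security)
    level=${level%% *}
    # OpenVPN runs user-defined scripts only at script-security 2 or higher.
    if [ "${level:-1}" -lt 2 ]; then
        echo "BLOCKED: script-security ${level:-1}"; rc=1
    fi
    return $rc
}

# Constructed sample configs: the thread's failing case and the repaired one.
write_samples() {
    printf '%s\n' 'dev tun' 'script-security 3' 'verb 3' > "$1/before.conf"
    { cat "$1/before.conf"
      echo '# Log clients connecting/disconnecting'
      echo 'client-connect "/usr/sbin/openvpn-metrics client-connect"'
      echo 'client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"'
    } > "$1/after.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_metrics_hooks "$tmp/before.conf" || echo "before.conf: hooks not active"
check_metrics_hooks "$tmp/after.conf" && echo "after.conf: hooks active"
```

To audit a real system, call `check_metrics_hooks` with the path of the OpenVPN server.conf instead of the sample files.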

You are BIG @luani.

Copying your lines by hand into my server.conf works fine.

Many thanks!!!

Regards.

1 Like

I’m still on 144. Why is 145 still available, when it’s known as buggy?

Yes, new builds should be tested and experiences are important. But more important is for users (us), that they (we) can click on “update” and get a running system.

I don’t know, who/how to decide when an update is drawn back, but there should be such a process.

Michael

Hi Michael,
don’t worry, your system will be fine!
At the moment, core 145 is pre-released in the “testing” branch and is not yet available for general users.

We (the testers) decided to run these unfinished/potentially buggy releases on our machines, to be able to provide feedback to the developers. The bugs mentioned here won’t affect you at all.

Regards

PS @ms can we move/tag this as testing feedback, to avoid further confusion?

Those configuration directives should automatically be added when the update is being installed and they should be written into the configuration file when you save the configuration on the web UI.

We test releases. Bugs happen. That is the way we iron them out.

You can and should(!) contribute to that then.