The zip file generated is always {name}-TO-IPFire.zip I dont know how long the name could be but I assume no spaces so paul-vpn-Athens should be valid name so the generated zip would be, paul-vpn-athens-TO-IPFire.zip
Is there a reason the literal “-TO-IPFire” has to be there? (line 2316 in ovpnmain.cgi)
I would much prefer to have a “paul-vpn-athens.zip”
EDIT: it seems I cannot use dash as part of the filename. I thought that’s an acceptable char.
When a new connection is created, “name” and “User’s full name or system hostname” are required. The name appears in the Connection Status but the hostname does not. (The hostname is used to insert values into the vpn sqlite db).
Later on, when I request OpenVPN Connections Logs, the hostname or whatever I typed in that field shows as Connection Name, not the name I used. For best practices, use the same name and system hostname so that it matches the user’s name and the report for the log files.
For consistency, I think {name} should be carried out in all pages/reports.
{name} in Connection Status (ovpnmain.cgi)
{name} in OpenVPN Connections Log (ovpnclients.dat)
I cannot create two profiles “name=bob hostname=AWS-West” and “name=alice hostname=AWS-West” since there will be a duplicate entry in the vpn db for AWS-West. Indeed, I get an error, OpenSSL error 256. (see bug# 11307) I think we should report on {name} connection times.
I’m fully aware of that line … the question is, why is ipfire excluding those valid characters? Is that by design? To me, a filename, paul-connect-vpn-aws is more readable than paulconnectvpnaws
It could just be by accident that only letters and numbers were selected in which case it is a simple change.
It could be that elsewhere in the cgi code the first - in the -TO-IPFIRE section is used as a seperator. In that case any code change is more complicated.
You will probably have to hunt through the code to see if the connection name is split at the - or not. I don’t know enough about the code to know one way or the other.
I think Erik is busy with other things at the moment so less likely to get a response from him.
Nothing broke … I modified line 3845 of ovpnmain.cgi to accept _ (underscore). I was able to create a new profile, paul_connect_aws. I d/l the zip file to my laptop, made a successful connection.
But … as my suggestion in the original post, what is stored in the ovpn database is not paul_connect_aws but the connection name (which is zotac.lan) When I look at the OpenVPN Connections Log, I see an entry for zotac.lan instead of paul_connect_aws.
The ovpnmain.cgi is 6000+ lines long and it is difficult to figure where it stores connection_name instead of name. Later on, the /usr/sbin/openvpn-metrics.dat is able to report on the clients.db
INSERT INTO sessions VALUES('zotac.lan','2022-04-23 15:58:39','2022-04-23 16:09:31',283602,302502);
If I can find how to change the INSERT to
INSERT INTO sessions VALUES('paul_connect_aws','2022-04-23 15:58:39','2022-04-23 16:09:31',283602,302502);
then everything will work. That’s all I have for now.
Hi paul,
sorry for the late replay but there is currently lots of action around.
According to the special characters it seems that you come closer to a possible solution ?
According to the common-name-length INTEGER, i think 64 characters are specified → https://www.ietf.org/rfc/rfc5280.txt .
Regarding to the “Connections Status” from ovpnmain.cgi, the server.conf includes ‘–status-version 1’ which writes the traditional format (default) with fixed parameters → openvpn whereby the “Common Name” comes to play.
The ‘clientsovpn.dat’ uses the indices from the ovpnconfig array (in that case [2]) → git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/logs.cgi/ovpnclients.dat to get there the values from.