Unable to get OpenVPN running

Every time I click the Save button for the Global Settings under OpenVPN, I get a 500 Internal Server Error.

What error message did you see in the log?

It may be found in /var/log/messages or maybe the http log.

I’m really not an expert, but on my IPFire box OpenVPN has been working for many years now. So I compared your screenshot with my screen and I see the following differences:
Local VPN Hostname/IP: you write coraltrain.com. Here I have my dyndns name like “bla-bla.dyndns.org”.
Protocol: you have TCP. I have UDP.
Encryption: you have AES-CBC. I have AES-GCM. I think I read that GCM is slightly better than CBC in terms of safety.
TLS Channel Protection: you have not activated that. I have it activated.
OpenVPN subnet: I use 10.233.174.0/255.255.255.0

Not sure which difference might cause the problem. When I type coraltrain.com into my browser I get nothing. So maybe that could be a beginning if you put your public internet IP-address in there (if you have a fixed one) or your ddns-name (if you use a dynamic dns service).

Hope this helps.

There were no error messages in /var/log/messages. I even tailed the log while clicking the save button and nothing gets logged.

I get the internal server error also when I click save for the cert creation pages, but the certs get created.

As for the /var/log/httpd/access_log, I see:

192.168.54.88 - admin [02/Oct/2021:05:50:11 -0400] "GET /cgi-bin/ovpnmain.cgi HTTP/1.1" 200 19256
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /themes/ipfire/images/tux2.png HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/openvpn.png HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/on.gif HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/edit.gif HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/media-floppy.png HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/info.gif HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/delete.gif HTTP/1.1" 304 -
192.168.54.88 - - [02/Oct/2021:05:50:12 -0400] "GET /images/off.gif HTTP/1.1" 304 -
192.168.54.88 - admin [02/Oct/2021:05:50:12 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:14 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:16 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:18 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:20 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:22 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:24 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:26 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:26 -0400] "POST /cgi-bin/ovpnmain.cgi HTTP/1.1" 500 527
192.168.54.88 - admin [02/Oct/2021:05:50:39 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:41 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:43 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:45 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:47 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:49 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:51 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:53 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138
192.168.54.88 - admin [02/Oct/2021:05:50:55 -0400] "GET /cgi-bin/speed.cgi HTTP/1.1" 200 138

Yes I have tried those options you have as well. Same thing.

One thing I noticed is on the Main Page it shows OpenVPN as being online

Even though the OpenVPN Global Settings shows Stopped and when I click Start OpenVPN Server it does nothing.

I did see this in the /var/log/httpd/error_log:
Write out database with 1 new entries
Data Base Updated
Unable to open /var/ipfire/ovpn/server.conf: Permission denied at /srv/web/ipfire/cgi-bin/ovpnmain.cgi line 272.
[Fri Oct 01 19:42:06.276933 2021] [cgid:error] [pid 6023:tid 125327330235968] [client 192.168.54.88:55080] End of script output before headers: ovpnmain.cgi, referer: https://192.168.54.1:444/
Unable to open /var/ipfire/ovpn/server.conf: Permission denied at /srv/web/ipfire/cgi-bin/ovpnmain.cgi line 272.
[Fri Oct 01 19:55:12.663891 2021] [cgid:error] [pid 6023:tid 125326583645760] [client 192.168.54.88:55348] End of script output before headers: ovpnmain.cgi, referer: https://192.168.54.1:444/
Unable to open /var/ipfire/ovpn/server.conf: Permission denied at /srv/web/ipfire/cgi-bin/ovpnmain.cgi line 272.
[Sat Oct 02 05:30:29.523872 2021] [cgid:error] [pid 6023:tid 125327330235968] [client 192.168.54.88:59504] End of script output before headers: ovpnmain.cgi, referer: https://192.168.54.1:444/
Unable to open /var/ipfire/ovpn/server.conf: Permission denied at /srv/web/ipfire/cgi-bin/ovpnmain.cgi line 272.
[Sat Oct 02 05:45:07.944953 2021] [cgid:error] [pid 6023:tid 125327321843264] [client 192.168.54.88:59612] End of script output before headers: ovpnmain.cgi, referer: https://192.168.54.1:444/
Unable to open /var/ipfire/ovpn/server.conf: Permission denied at /srv/web/ipfire/cgi-bin/ovpnmain.cgi line 272.
[Sat Oct 02 05:50:28.033476 2021] [cgid:error] [pid 6023:tid 125326592038464] [client 192.168.54.88:59638] End of script output before headers: ovpnmain.cgi, referer: https://192.168.54.1:444/

It looks like the permissions for the /var/ipfire/ovpn/server.conf are different than the rest of the files in that directory.
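
The ownership comparison described above, as an added example that is not part of the original posts: it lists regular files in a directory whose numeric owner:group differs from the most common one in that directory, or from an expected `uid:gid` if one is given. The function name `ownership_outliers` is hypothetical, and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): find files whose owner:group differs
# from the rest of a directory, e.g.  ownership_outliers /var/ipfire/ovpn

ownership_outliers() {
    dir=$1
    expected=${2:-}      # optional "uid:gid"; empty means "use the majority"

    # One line per regular file: "uid:gid<TAB>path"
    listing=$(find "$dir" -maxdepth 1 -type f \
        -exec stat --printf '%u:%g\t%n\n' {} +) || return 2
    [ -n "$listing" ] || return 0

    if [ -z "$expected" ]; then
        # The most frequent owner:group pair is taken as the directory's norm
        expected=$(printf '%s\n' "$listing" | cut -f1 | sort | uniq -c |
            sort -rn | awk 'NR == 1 { print $2 }')
    fi

    # Report every file that does not match the expected pair
    printf '%s\n' "$listing" | awk -F'\t' -v want="$expected" \
        '$1 != want { print $2 " is " $1 ", expected " want }'
}
```

An empty result means every file has the same owner and group; a CGI script can only rewrite the files that the web server's user is allowed to write.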

Awesome! Changed server.conf owner and group to nobody and that got rid of the internal server error.

Logs are great! Thank you.

Now on to my other problem of the server not starting.

/var/log/messages has:

Oct 2 06:06:46 gatekeeper openvpnserver[28742]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
Oct 2 06:06:46 gatekeeper openvpnserver[28742]: Options error: --server directive network/netmask combination is invalid
Oct 2 06:06:46 gatekeeper openvpnserver[28742]: Use --help for more information.

Got it!

Thank you for the direction!

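
A pre-check for the network/netmask pair behind the "Options error" above, as an added example that is not part of the original posts. It assumes the error is raised when the network address has bits set outside the netmask. The function names are hypothetical, `10.233.174.0 255.255.255.0` is the subnet quoted earlier in the thread, and the failing values in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): validate a pair before it goes into
# an OpenVPN "server <network> <netmask>" line.

# Convert a dotted quad to a 32-bit integer; non-zero status if malformed.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (octal ambiguity) and over-long octets
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prints "ok" or the reason the pair is rejected; returns 0 or 1.
check_server_subnet() {
    net=$(ip_to_int "$1") || { echo "network is not a dotted quad"; return 1; }
    mask=$(ip_to_int "$2") || { echo "netmask is not a dotted quad"; return 1; }

    # A valid netmask is a run of 1-bits followed only by 0-bits, so its
    # inverse is 2^n - 1 and (inv & (inv + 1)) is 0.  Fails for 255.0.255.0.
    inv=$(( ~mask & 0xFFFFFFFF ))
    if [ $(( inv & (inv + 1) )) -ne 0 ]; then
        echo "netmask is not contiguous"; return 1
    fi

    # The network address must have no host bits set.
    # Fails for 10.233.174.5 255.255.255.0 and 10.233.174.0 255.255.0.0.
    if [ $(( net & mask )) -ne "$net" ]; then
        echo "network has host bits set for this netmask"; return 1
    fi
    echo "ok"
}
```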

The use of the word online means that one of OpenVPN on red, blue and/or orange has been selected. It does not mean that OpenVPN is started. If you unselect all of the OpenVPN on boxes then that OpenVPN line on the main page disappears. “Online” means that it has been enabled or selected as an option on one or more of the interfaces.


Yeah I kind of figured that!