No they are not working with Lightning Wire Labs anymore --> https://www.lightningwirelabs.com/products/goodbye-fountain-networks , also i am not a member/employee of Lightning Wire Labs but a fan of IPFire (which might be a small but essential difference) so i would flip it back to you if you want to do so since, i do not have any business relations to the TX-Team but i would give them some feedback if i bought some of their stuff which does not work and would be tensed for their answer.
Having that said, IPFire never delivered OpenVPN with such settings
okok, i don’t know the relations for real, just heard that somewhere, but a time ago.
Thanks for the direct news.
I will contact them, to ask about this issue.
Your welcome ,
if you like, you can deliver here the essence of the answer since it seems that the TX-Team prefer own settings for IPFire on their sold hardware. If so, it can only be helpful for other potential and actual customers to know about that with the clear goal to outline that IPFire ISOs differs to IPFire which comes from the TX-Team .
I installed IPFire from scratch on this hardware, and had never configured OpenVPN or its certificates until recently. So either something in the backend process “touched” /var/ipfire/ovpn/server.conf as root, or the file was in the original distro with incorrect permissions.
Fyi
I had same issue (wrong o/g). This is a vendor installed ipfire, quoting vendor’s (teklager.se) answer:
I used the ISO image with “Core Update 145” and then updated the router to the latest “Core Update 147”. No other configuration has been made…
Have also downloaded today Core 147 and installed it in a VM to check the permissions in the /var/ipfire/ovpn/ directory again. Since you need to generate the PKI/DH-parameter to get all files (a working OpenVPN instance) i did a test before and after generation with the same results which are as follows:
The server.conf will only be created if you enable your interface, hit the save button and start the server which i did now for you again with the following result:
OpenVPN after creating the PKI/DH-Parameter but default parameter:
-rw-r--r-- 1 nobody nobody 915 Aug 3 11:55 server.conf
and here the log of the first start of the OpenVPN server instance with default settings:
[root@ipfire-VM ~]# grep openvpn /var/log/messages
Aug 3 11:56:49 ipfire-VM openvpnserver[4106]: OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 14 2020
Aug 3 11:56:49 ipfire-VM openvpnserver[4106]: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.09
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: WARNING: --keepalive option is missing from server config
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: Diffie-Hellman initialized with 2048 bit key
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: ROUTE_GATEWAY 192.168.200.1/255.255.255.0 IFACE=red0 HWADDR=08:00:27:b6:87:3b
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: TUN/TAP device tun0 opened
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: TUN/TAP TX queue length set to 100
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: /sbin/ip link set dev tun0 up mtu 1400
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: /sbin/ip addr add dev tun0 local 10.11.239.1 peer 10.11.239.2
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: /sbin/ip route add 10.11.239.0/24 via 10.11.239.2
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: UDPv4 link local (bound): [AF_INET][undef]:1194
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: UDPv4 link remote: [AF_UNSPEC]
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: GID set to nobody
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: UID set to nobody
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: MULTI: multi_init called, r=256 v=256
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: IFCONFIG POOL: base=10.11.239.4 size=62, ipv6=0
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: IFCONFIG POOL LIST
Aug 3 11:56:49 ipfire-VM openvpnserver[4107]: Initialization Sequence Completed
just my two cents on this topic. I had the exact same issue on my new IPFire yesterday. I installed IPFire from scratch some months ago and prepared the config for my project. Yesterday I installed the rescent updates and wanted to start configuring the openvpn server which ended in the same error. I upgraded from Core 145 to 147. My other appliances are not affected. Would it be possible that this is caused by an update and only affects installations where openvpn wasn’t configured or running?