Topic: smeserver-openvpn-bridge update

[Franco]

Hi everyone.
The new version of the contrib smeserver-openvpn-bridge works, but the problem is that there are so many changes between the previous one and this one, that it cannot work just out of the box. In fact, the update has been pushed in smecontribs repo by error. The problem is now corrected and it has been remove from smecontribs to go in smetest repo so automatic upgrades won't causes problems. I just need some time to write the documentation and the upgrade procedure, as soon at it'll be ready, I'll move back the contrib to smecontribs repo.

Sorry for the inconveniance, just let me some time to write the documentation and you'll be able to use the latest and greatest version of the contrib.

Cheers, Daniel

Thanks Daniel,
Let me know when it's ready to be tested.
Meanwhile, I'll be using in routed mode.

Cheers,

[soprom]

Ok, thanks Daniel for your work. I appreciate it.

From what I've seen in the new version I wish you'd keep/add some parameters in the manager panel:

- with or without password authentification
- change port to something else
- add "explicit-exit-notify 2" in the .ovpn (might be covered with the options)
- add "--port-share" option for using tcp/443 for tunneling

I hope to be testing this soon!

[Daniel B.]

Ok, thanks Daniel for your work. I appreciate it.

From what I've seen in the new version I wish you'd keep/add some parameters in the manager panel:

- with or without password authentification

This is still possible. But now, there's only two authentication method: certificate+login/password and certificate only

- change port to something else

This option has been removed from the panel (in fact, I tried to make it simpler), but can still be changed with the key in the db

- add "explicit-exit-notify 2" in the .ovpn (might be covered with the options)

It's not present for now, but not a bad idea. I'll do some test and may add this in a futur release

- add "--port-share" option for using tcp/443 for tunneling

Of course I've allready think about this as it would make the VPN accessible from anywhere. But it's not implemented for now for several reason:
- port-share is only available since openvpn 2.1 which isn't stable yet
- it'll require a lot of tweaks as it'll need to modify apache configuration to listen on another port.

[soprom]

but can still be changed with the key in the db

Thanks for your comments.

Limiting configuration to the db is probably a tough decision for developers. I understand that balancing usability and functionality is time consuming. But the idea is, for us users, to manage the server from the server-manager. Every time we have to go to the CLI, we are getting away from this concept.

But don't take me wrong, I appreciate your contribs and the ones from others, and I work a lot from the CLI. But the server-manager is a great asset...

[Daniel B.]

I've started the documentaion on the wiki. It's available here: http://wiki.contribs.org/OpenVPN_Bridge
It's not finished, but it's a good starting point.

[jonic]

From my observations trying to remove smeserver-bridge-interface by using yum doesn't work. The server locks and outputs to the screen a message like :
"Unregistered netdevice ... count 1".
I have succeeded uninstalling it by setting first the status of the bridge service as disabled and  issuing a signal-event post-upgrade; signal-event reboot. Then the yum remove command worked ok.

[Franco]

From my observations trying to remove smeserver-bridge-interface by using yum doesn't work. The server locks and outputs to the screen a message like :
"Unregistered netdevice ... count 1".
I have succeeded uninstalling it by setting first the status of the bridge service as disabled and  issuing a signal-event post-upgrade; signal-event reboot. Then the yum remove command worked ok.

That didn't help me
I opened a new bug http://bugs.contribs.org/show_bug.cgi?id=5143

[Daniel B.]

The problem was a typo in the wiki page, it's now updated. I've closed the bug report, please re-open it if the problem still occures.

Thanks.

[Franco]

Hi,
Thank you for the fast reply.
This has fixed the problem, but a signal-event post-upgrade, signal-event reboot is required to get the physical interfaces back.

Mercy,