Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: Arnaud on April 05, 2017, 09:23:58 PM
-
Hi,
the server OpenVPN-routed of my SME9 x86-64 64 bits fails since the update from yesterday:
openvpn.x86_64 2.4.1-3.el6 smecontribs
php-fedora-autoloader.noarch 1.0.0-0.1.rc1.el6 smecontribs
On the client I get the message:
read UDP [ECONREFUSED]: Connection refused (code=111)
And the journal of the SME is contains a mountain of:
PLUGIN_INIT: could not load plugin shared object /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory: No such file or directory (errno=2)
Exiting due to fatal error
I had a check into the file system:
- I don't have any folder "/usr/lib/openvpn"
- but I have a folder with the missing file "/usr/lib64/openvpn/plugins/openvpn-auth-pam.so"
=> I will try to make a temporary symbolic link
What do you think?
Bye
Arnaud
-
What do you think?
I think you should report the problem via the Bug Tracker. There's a link at the top of this forum.
-
something is wrong on your side.. is your server a fresh install? do you have any custom template?
I guess you're using smeserver-openvpn-bridge
on a fresh install (x86_64), in /etc/openvpn/bridge/openvpn.conf I read
# Plugin for user-auth
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
that comes from /etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth
which is your smeserver-openvpn-bridge release?
mine is smeserver-openvpn-bridge-2.1-7
-
'update since yesterday'
Did you catch the new updates from CentOS 6.9 perhaps?
-
I don't think so, centos6.9 updates are available since today :-)
in any case, we need feedback from Arnaud
-
works for me as Stefano
# rpm -qa |grep openvp
smeserver-openvpn-bridge-2.1-7.el6.sme.noarch
openvpn-2.4.1-3.el6.x86_64
the update was from smecontribs as per first post, and was propagated there from epel.
I suggest also the presence of a template-custom.
-
Hi,
thanks for the replies.
I think you should report the problem via the Bug Tracker.
If the problem comes from the update and not from my config, I'll do it. I just want to be sure before, in order to avoid to create a bug-report because of an error sitting between chair and keyboard... 8)
something is wrong on your side.. is your server a fresh install? do you have any custom template?
The server isn't a fresh install but was absolutely up to date since the update of last Tuesday.
As it is a "working" machine, I have of course some custom templates, but I don't think (I had a look into my setups) to have any dealing in direction of openvpn
I guess you're using smeserver-openvpn-bridge
Yes, I have smeserver-openvpn-bridge installed, but disabled at this time.
I have smeserver-openvpn-routed installed too and enabled. This is what makes trouble since the update of the rpm "openvpn". The messages of error into the journal are coming from this service.
on a fresh install (x86_64), in /etc/openvpn/bridge/openvpn.conf I read
# Plugin for user-auth
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
By me too.
I had a look into /etc/openvpn/routed and here there is:
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so login :shock:
that comes from /etc/e-smith/templates/etc/openvpn/bridge/openvpn.conf/40userAuth
I will have a look!
I didn't update my backup server => on it I have the state before Tuesday => I will have a look an it too!
which is your smeserver-openvpn-bridge release?
mine is smeserver-openvpn-bridge-2.1-7
by me too.
The release of smeserver-openvpn-routed is smeserver-openvpn-routed-0.1.5-1 (repo FWS)
'update since yesterday'
Did you catch the new updates from CentOS 6.9 perhaps?
No, I have made no supplementary update since Tuesday.
I know that some new updates are available since today but I won't run them before this issue isn't solved (I don't want to add some potential problems...)
Thanks for the help.
Bye
Arnaud
-
well.. it seems that smeserver-openvpn-routed has a bug :-)
please check your custom templates and open a bug, thank you
-
On the not updated server:
- /etc/openvpn/routed:
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
- etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/40auth:
{
my $userAuth = ${'openvpn-routed'}{Authentication} || 'CrtWithPass';
if ($userAuth eq 'CrtWithPass'){
my $plugin_dir = (-d "/usr/lib64/openvpn/plugin/lib") ?
'/usr/lib64/openvpn/plugin/lib':'/usr/lib/openvpn/plugin/lib';
$OUT .= "plugin ".$plugin_dir."/openvpn-auth-pam.so login\n";
}
$OUT .= '';
}
On the updated server:
- /etc/openvpn/routed:
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so login
- etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/40auth:
{
my $userAuth = ${'openvpn-routed'}{Authentication} || 'CrtWithPass';
if ($userAuth eq 'CrtWithPass'){
my $plugin_dir = (-d "/usr/lib64/openvpn/plugin/lib") ?
'/usr/lib64/openvpn/plugin/lib':'/usr/lib/openvpn/plugin/lib';
$OUT .= "plugin ".$plugin_dir."/openvpn-auth-pam.so login\n";
}
$OUT .= '';
}
=> the template is the same but the directories of the "openvpn-auth-pam.so" has changed:
On the not updated server:
ls /usr/lib64/openvpn
plugin plugins
ls -l /usr/lib64/openvpn/plugin/lib/
total 0
lrwxrwxrwx 1 root root 53 31 mars 15:54 openvpn-auth-pam.so -> /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
lrwxrwxrwx 1 root root 54 31 mars 15:54 openvpn-down-root.so -> /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so
On the updated server:
ls /usr/lib64/openvpn
plugins
=> IMHO as the "plugin" directory disappeared during the update of "openvpn", the template should be modifies by changing the "plugin" into "plugins" by the test "my $plugin_dir = (-d "/usr/lib64/openvpn/plugin/lib") ?"
-
since you're the bridged contrib too, check the 40auth fragment in its templates dir..
it'd show you some code that deal with i386 and x86_64 arch
-
good idea!
But it's too late for today -> tomorrow.....
-
Hi,
good news: using the right folders and the right file name makes openvpn-routed run again :lol:
Modification of the template:
my $plugin_dir = (-d "/usr/lib64/openvpn/plugins") ?
'/usr/lib64/openvpn/plugins':'/usr/lib/openvpn/plugin/lib';
$OUT .= "plugin ".$plugin_dir."/openvpn-plugin-auth-pam.so login\n";
=> I'll open a bug.
Thanks a lot for your support, it made me find quite rapidly the problem and a possible solution. :-)
Bye
Arnaud
PS: smeserver-openvpn-routed comes from the repo of fws and not smecontribs!
Should I contact Daniel directly?
-
Open a bug here, even if it is on fws repo, it has a bug track here : https://bugs.contribs.org/enter_bug.cgi?product=SME%20Contribs
Please post the bug link here after.
-
see the big link: https://bugs.contribs.org/show_bug.cgi?id=10220
-
Is anyone else still getting this connection error bug with open vpn or is it just me?
-
hi there, welcome
the bug above is marked "solved", so you'd be sure you're using the last version of the contrib and post some logs to help us to help you