foris-controller-openvpn-module issues
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues
2024-03-07T16:44:16+01:00

tls_auth
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/32
2024-03-07T16:44:16+01:00, Štěpán Henek

it might be nice to generate tls_auth somehow

Display list of actively connected clients
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/31
2022-12-16T10:31:31+01:00, Michal Hrusecky

Would be nice to see whether somebody is currently connected and who it is.

Hosts on LAN seem not to be accessible from VPN clients
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/29
2022-09-26T17:31:31+02:00, Martin Matějek

We currently use routed VPN (tun) and VPN clients have an IP address from a different subnet.
For example:
```
LAN: 192.168.1.0/24
VPN: 10.111.111.0/24
```
Actually, hosts on LAN are reachable as packets are routed to the LAN subnet, but from the VPN client's point of view, the host in LAN looks unreachable.
For example, a web server on 192.168.1.25 with at least a basic firewall will reject the packets because of the unexpected source IP.
```
10.111.111.2 (client) -> 192.168.1.25:80 (target host)
```
Perhaps 1:1 NAT would help here?

Add option to export/import the OpenVPN server CA and config
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/28
2022-01-04T17:31:01+01:00, Martin Matějek

related to: turris/reforis/reforis-openvpn#30
Add functionality to be able to import or export OpenVPN server config across Turris devices.

Server configuration is broken when wrong VPN network address specified
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/26
2021-05-31T09:06:49+02:00, Jan Betik

I made a mistake in reForis OpenVPN Server settings, filling the 10.98.1.1 value in the VPN network address field while keeping the VPN network mask field intact. The settings were accepted but the server did not start and the log was flooded with
```
May 26 21:18:59 turris openvpn(server_turris)[6363]: Options error: --server directive network/netmask combination is invalid
May 26 21:18:59 turris openvpn(server_turris)[6363]: Use --help for more information.
May 26 21:19:04 turris openvpn(server_turris)[6369]: Options error: --server directive network/netmask combination is invalid
May 26 21:19:04 turris openvpn(server_turris)[6369]: Use --help for more information.
```
messages.
It would be nice to have the IP range check implemented.

The server does not make the IPv6 network behind it accessible
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/21
2020-12-13T03:01:45+01:00, Stepan Rechner

It is only possible to access the computers behind the server on IPv4, even if they have IPv6 addresses. And it is not possible to access those computers, which have only IPv6 addresses.
Even in reForis at the server configuration, only the IPv4 VPN network address can be configured.

Add ability to configure subnet routed through host
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/19
2020-11-27T01:51:52+01:00, Karel Koci

By adding _client-config-dir_ file for given host and by adding `route` and `push route` to server configuration.
This, together with turris/foris-controller/foris-controller-openvpn_client-module#17, should allow site-to-site VPN connection.

foris-controller-openvpn-module: Cleanup firewall rules and interface configuration after uninstall
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/12
2020-01-28T14:02:27+01:00, Martin Matějek

Network interface and firewall zones & rules configuration stay as-is after package removal.
It shouldn't break anything, however it clutters various config files with unused configuration, which could interfere with something else.
related issue turris/bughunt#40

Preserve user-configured push settings
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/11
2021-02-10T11:38:28+01:00, Vojtech Myslivec

When a user wants to tune OpenVPN server settings, it is possible to edit `/etc/config/openvpn` manually. However, `push` UCI list is rewritten when "save" button is pressed in OpenVPN tab.

Tune IPv6 VPN connection
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/8
2022-12-19T22:34:30+01:00, Vojtech Myslivec

- [ ] OpenVPN server should listen on both IPv4 and IPv6 by default `proto udp6`/`proto tcp6`
- [ ] OpenVPN client should not enforce IPv4/IPv6 (turris/foris-controller/foris-controller-openvpn-module#18)
- [x] However, to take advantage of dual stack connection, one should have to configure DNS name of the router/VPN server (turris/reforis/reforis-openvpn#22)
- [ ] Also check whether some firewall rules are not missing (I am not able to configure working IPv6 VPN server)

generate tls_auth as well
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/2
2023-05-11T14:49:37+02:00, Štěpán Henek

add option that connected clients can connect to other connected clients
https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/1
2019-12-17T16:04:37+01:00, Štěpán Henek

Main openvpn config
```
"client_to_client", "1"
```
+ it might be necessary to add some fw rules as well