foris-controller-openvpn-module issueshttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues2021-03-08T18:22:59+01:00https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/22VPN server is not accessible after transport protocol change2021-03-08T18:22:59+01:00Vojtech MyslivecVPN server is not accessible after transport protocol change### Steps to reproduce
Tried with reForis on MOX in HBT/TOS 5.1.10
1. Setup default (via UDP) and working OpenVPN server.
2. Restart a router to make sure everything works as expected after reboot
3. Go to reforis, exchange trasport pr...### Steps to reproduce
Tried with reForis on MOX in HBT/TOS 5.1.10
1. Setup default (via UDP) and working OpenVPN server.
2. Restart a router to make sure everything works as expected after reboot
3. Go to reforis, exchange trasport protocol to UDP and click save
Now, OpenVPN server becomes inaccessible - it does not listen on UDP anymore and TCP port 1194 is closed by the firewall.
### Recommended solution
The root cause is IMO in _reloading_ the firewall which leads to not applying the rule to open TCP prot (it also let the UDP port open!). Once I _restart_ the firewall manually via ssh, the openvpn server becomes accessible.
Please also verify that the `openvpn` service is restarted after the change in step 3.https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/issues/18udp6/tcp6 combined with IPv4 address in client configuration2021-04-30T14:19:20+02:00Lukas Jelinekudp6/tcp6 combined with IPv4 address in client configurationIf a user check _Listen on IPv6_ it generates `proto udp6` or `tcp6` to client configuration files. But `remote` still contains an IPv4 address. This configuration won't work because it can't resolve IPv4 addresses for IPv6 communication...If a user check _Listen on IPv6_ it generates `proto udp6` or `tcp6` to client configuration files. But `remote` still contains an IPv4 address. This configuration won't work because it can't resolve IPv4 addresses for IPv6 communication.
## Steps to reproduce
1. Check _Listen on IPv6_ on the _OpenVPN -> Server Settings_ page.
2. Generate a client configuration on the _OpenVPN -> Client Registration_ page.
3. Download the configuration and use it in an OpenVPN client.
## Expected behavior
Unfortunately, it can't be determined what _Listen on IPv6_ exactly means (whether IPv4 should be used or not). Because of this, there can be two distinct ways how to work with it.
### IPv6 without IPv4
The checkbox should be available only if IPv6 is enabled and working. If checked, it should generate `proto udp6/tcp6` together with an IPv6 address in `remote`.
### IPv4 + IPv6
Another option should be available to choose which protocol to be used. It should generate `proto` and `remote` for the selected protocol.
## Actual behavior
According to the checkbox state, `proto` contains `udp/tcp` or `udp6/tcp6`. Regardless to the checkbox state, `remote` contains an IPv4 address.foris-controller-openvpn-module: IPv6 fix