OpenVPN CRL - strange problem

[AndreyPopov]

I make own mod for Merlin firmware with only one instance of OpenVPN server and client and try store all keys and certificates on jffs - to free nvram

all work like I plan except:

nvram key always after start OpenVPN Server sets with full certificate
vpn_crt_server_crl=---------------- BEGIN CERTIFICATE --------------
but this key must contain revocation list.

- in openvpn.c exist code to create crl.pem if vpn_crt_server_crl not empty
- only one place when vpn_crt_server_crl can sets is Advanced_VPN_OpenVPN in "Key and Certification" popup window.

but when reset to Factory Default - this window is empty
after start OpenVPN server key become
vpn_crt_server_crl=---------------- BEGIN CERTIFICATE --------------

my aid is free nvram and move all keys and certificate to jffs. but unknow thread always sets vpn_crt_server_crl to certificate.

please, all who use OpenVPN, check your vpn_crt_server_crl or vpn_crt_server1_crl or vpn_crt_server2_crl keys - they empty or filled?

 

[RMerlin]

My CRL fields are empty here.

 

[AndreyPopov]

finded and solved.

when try store certificates and keys on jffs (not in nvram) - some files like ca.crt must be copied to client.ovpn

I use next:

sprintf(fpath, "/etc/openvpn/server/ca.crt", serverNum);
fp = fopen(fpath, "r");
set_crt_parsed(&buffer[0], fpath); //read from file to nvram
fprintf(fp_client, "%s", get_parsed_crt(&buffer[0], buffer2)); //write to file from nvram

 

[AndreyPopov]

&buffer[0] is temp variable, but unfortunatly previously operation was:

sprintf(&buffer[0], "vpn_crt_server_crl", serverNum);

and

set_crt_parsed(&buffer[0], fpath);

write to nvram vpn_crt_server_crl

 

[AndreyPopov]

add some lines before and after (add temp nvram)

nvram_set("vpn_tmp","");
sprintf(&buffer[0], "vpn_tmp");
-
-
-
nvram_unset("vpn_tmp");

now work!

thanks

 

[AndreyPopov]

need help again.

OpenVPN not want autostart start after reboot.

what algorithm to autostart?

 

[RMerlin]

need help again.

OpenVPN not want autostart start after reboot.

what algorithm to autostart?

378.50 code relies on the new vpn_serverx_start variable rather than the old vpn_serverx_eas one, which was colliding with Asus's way of using it.

 

[AndreyPopov]

378.50 code relies on the new vpn_serverx_start variable rather than the old vpn_serverx_eas one, which was colliding with Asus's way of using it.

I already modified source after 378.3913 merge.

where autostart must be checked?

vpn_serverx_start now sets to "1,"
VPNServer_enable=1
vpn_server_state=2


from VPN-OpenVPN start-stop work.


one more question:

after 378.3913 merge status icons WiFi, Guest, WAN - not active

it always gray and even point mouse - nothing happen/

what hardware specific modofocation of state.js in 3913 that can block status icons?

 

[AndreyPopov]

OpenVPN server autostart only when WAN is connected? is it right?

 

[AndreyPopov]

please, when you have free time says me why:

www/state.js
this code
from https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/www/state.js#L2830
to https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/www/state.js#L2849
can break status icons and Internet status

but the code
from https://github.com/RMerl/asuswrt-me...142cef1/release/src/router/www/state.js#L2628
to https://github.com/RMerl/asuswrt-me...142cef1/release/src/router/www/state.js#L2643
work well

 

[RMerlin]

please, when you have free time says me why:

www/state.js
this code
from https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/www/state.js#L2830
to https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/www/state.js#L2849
can break status icons and Internet status

The order of the entries in the parsed XML data matters. You can't mix my JS code with Asus's XML file, and vice-versa. My code has a few additioonal entries to handle the two openvpn server instances among things.

 

[AndreyPopov]

The order of the entries in the parsed XML data matters. You can't mix my JS code with Asus's XML file, and vice-versa. My code has a few additioonal entries to handle the two openvpn server instances among things.

I use only your code.