Hi All, hi Adolf,
I am experiencing a similar issue as you. But first I would like to say
that I find it very very (!) sad that the openvpn WUI does not have any
separation of the subnets anymore! This feature was very helpful and
clean. Now all certificates are mixed together, and it's not that easy
anymore to see which client is in which network! It would be very nice,
if this feature could be brought back to IPFire! Especially for setups
with multiple subnets this separation was helpful!
But now to the connection issues:
The new CU seems to push a wrong gateway. I have several subnets running
my dynamic pool is 10.22.0.0/24, the first subnet uses 10.22.1.0/24, an
two other subnets are using 10.22.2.0/24. All clients that aren't in the
dynamic pool have static IPs.
Which the CU 196 a client in 10.22.2.0/24 gets the following routes:
2025-08-11 21:04:44 net_addr_ptp_v4_add: 10.22.2.2 peer 10.22.2.1 dev tun0
2025-08-11 21:04:44 net_route_v4_add: 10.22.0.1/32 via 10.22.2.1 dev
[NULL] table 0 metric -1
2025-08-11 21:04:44 net_route_v4_add: 10.99.0.0/24 via 10.22.2.1 dev
[NULL] table 0 metric -1
This is all correct an works, but with the new CU 197 the following
route is pushed:
2025-08-11 20:53:23 net_addr_v4_add: 10.22.2.2/24 dev tun0
2025-08-11 20:53:23 net_route_v4_add: 10.99.0.0/24 via 10.22.0.1 dev
[NULL] table 0 metric -1
2025-08-11 20:53:23 sitnl_send: rtnl: generic error (-101): Network is
unreachable
2025-08-11 20:53:23 ERROR: Linux route add command failed
Obvioulsy this can't work.
Best regards,
Peer
On 11/08/2025 16:51, Adolf Belka wrote:
Hi All,
Further testing feedback of OpenVPN-2.6
I tested out the existing client connections to my android phone and
my linux laptop.
Both connections connected. Ping worked on the laptop but not on the
android. Accessing the IPFire WUI via the openvpn rw tunnel worked for
both android and laptop.
I then created new client connections.
The linux laptop connection worked without any issues.
The android client did not want to work with the .ovpn file with the
certificates built in. It said that it had obtained the required info
from inline but the connection failed within a couple of lines in the
log, so some problem.
I then removed the inline certificate lines from the .ovpn file and
used the .p12 and ta.key files, adding the appropriate lines into the
.ovpn file to reference them.
The connection worked without any problem. In addition the ping now
worked with this android connection.
Regards,
Adolf.
On 11/08/2025 16:01, Adolf Belka wrote:
Hi All,
Have found a little issue. Not sure if it is critical or not.
My existing connections on OpenVPN are working fine and the network
topology has been changed in most places but not in the ccd files.
I have a connection called ipfiretesting which before the upgrade had
10.110.30.5 and 10.110.30.6.
After the upgrade to 197 if I edit the entry it shows that it is
using 10.110.30.6
However if I look in /var/ipfire/ovpn/ccd/ipfiretesting it still has
the line
ifconfig-push 10.110.26.6 10.110.26.5
If I then create a new client connection then all the ccd files get
updated and ipfiretesting now contains
ifconfig-push 10.110.30.6 255.255.255.0
So if a user upgrades but doesn't create a new client connection all
the ccd files will stay with the old format. Not sure what this would
or wouldn't do for the connection but I think after the upgrade it
would be good to update all the ccd files but not sure how to make
that happen.
Regards,
Adolf.
On 11/08/2025 11:28, IPFire Project wrote:
**IPFire 2.29 – Core Update 197** is now available for testing. This
release introduces a significant overhaul of OpenVPN, upgrading to
version 2.6 with improved security, broader client compatibility,
and a modernised codebase — all without requiring changes to
existing configurations. System performance has also been optimised
to allow the CPU to remain in power-saving states more often,
reducing energy consumption. As with every release, this update
includes a large number of package updates to ensure your system
remains secure and reliable.
IPFire_
IPFire 2.29 - Core Update 197 is available for testing
**IPFire 2.29 – Core Update 197** is now available for testing. This
release introduces a significant overhaul of OpenVPN, upgrading to
version 2.6 with improved security, broader client compatibility,
and a modernised codebase — all without requiring changes to
existing configurations. System performance has also been optimised
to allow the CPU to remain in power-saving states more often,
reducing energy consumption. As with every release, this update
includes a large number of package updates to ensure your system
remains secure and reliable.
Read The Full Post On Our Blog
<https://www.ipfire.org/blog/ipfire-2-29-core-update-197-is-available-for-testing?utm_medium=email&utm_source=blog-announcement>
The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8,
45711 Datteln, Germany
Unsubscribe <https://www.ipfire.org/unsubscribe>
--
Mit freundlichem Gruß
Peer Dietzmann
Brecht-IT | Administration und Support
Brecht-Schule Hamburg GmbH
Norderstrasse 163-165 | 20097 Hamburg
Tel.: +49 40 21 11 12 - 37 | Fax: +49 40 21 11 12 - 20
E-Mail: [email protected] | www.brecht-schule.hamburg
Diese Email enthält ggfs. vertrauliche und/oder rechtlich geschützte
Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese Email irrtümlich erhalten
haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Email.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Email ist nicht
gestattet.
