This version is compiled with this patch applied: /usr/portage/net-misc/openvpn/files/openvpn-2.1.0-stdbool.patch This patch breaks features in openvpn. I noticed this when using the eurephia plug-in. This plug-in expects to get two environment variables called 'ifconfig_pool_remote_ip' and 'ifconfig_pool_netmask'. But due to this faulty patch, those variables gets an extra '_ip' extension, so they become 'ifconfig_pool_remote_ip_ip' and 'ifconfig_pool_netmask_ip' Compiling openvpn *without* this stdbool patch, openvpn behaves as expected. Reproducible: Always Steps to Reproduce: 1. Compile openvpn-2.1.0 with USE=eurephia 2. Compile and install eurephia with debug logging 3. Configure openvpn + eurephia, set eurephia log level >= 30 4. Observe in the eurephia log that the environment variable is named wrong when openvpn_plugin_func_v1(ctx, PLUGIN_CLIENT_CONNECT, ...) and openvpn_plugin_func_v1(ctx, PLUGIN_LEARN_ADDRESS, ...) is called. Solution: A. Recompile openvpn-2.1.0 without the openvpn-2.1.0-stdbool.patch B. Run the test case above, and notice that the variable names are correct. Actual Results: eurephia fails to properly register the a user session, due to missing IP address and network netmask of the VPN client. Which again leads to VPN users not being able to access network resources, as eurephia could not update the iptables according to their access profile. Expected Results: eurephia to work properly, which it does without the stdbool patch. --emerge --info --------------------------------------------------------------- Portage 2.1.6.13 (hardened/linux/x86/10.0, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.28-hardened-r9 i686) ================================================================= System uname: Linux-2.6.28-hardened-r9-i686-Intel-R-_Pentium-R-_D_CPU_2.80GHz-with-gentoo-1.12.13 Timestamp of tree: Mon, 21 Dec 2009 14:30:01 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] app-shells/bash: 4.0_p35 dev-lang/python: 2.4.6, 2.5.4-r3, 2.6.4 dev-python/pycrypto: 2.0.1-r8 dev-util/cmake: 2.8.0 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=pentium4 -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages nostrip parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LDFLAGS="-Wl,-O1" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/src/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="7zip acl acpi bash-completion bashlogger bzip2 c++ caps catalogs chroot clamav clamd client-only compress cpio cpudetection cpulimit cracklib crypt cscope ctype curl curlwrappers daemon dar64 device-mapper dlz dnotify emacs extensions fping ftp gdbm glsa gnutls gpm gvim gzip hardened hpn iconv idn ipv6 ithreads justify largeterminal lha libclamav logrotate logwatch lzo lzw maildir management mmx mudflap multiuser nat ncurses net networking nids nls no-old-linux nolvm1 nptl nptlonly on-the-fly-crypt onaccess openmp openssh openssl opensslcrypt pam pcre perl pmu posix postfix procmail python readline reiser4 reiserfs resolvconf rtc screen sftp sftplogging smp spamassassin sqlite sse sse2 ssl sysfs syslog tcpd threadsafe threadsonly transparent-proxy truetype-fonts type1-fonts unicode unzip upnp ups urandom vchroot vhosts virus-scan x86 xattr xml xmlreader xmlwriter xslt zlib zsh-completion" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS --emerge --info - END ---------------------------------------------------------
It seems to be linked to the use of bool for flags in setenv_sockaddr, setenv_in_addr_t, setenv_link_socket_actual instead of unsigned int. I'm working on a patch.
Created attachment 214304 [details, diff] openvpn-2.1.0-stdbool-r1.patch Could you test with this patch?
Attached new stdbool patch didn't work for me, similar issue even without using eurephia USE. Client computer just never connects to vpn server when openvpn on server has stdbool patch. Not sure if the same happen when only client has stdbool patch and I cannot try it now, because openvpn connection is now only way to downgrade openvpn to rc21 or remove stdbool patch there (no public IP on client). FYI: found e-mail from original reporter in upstream ML http://sourceforge.net/mailarchive/forum.php?thread_name=4B30D01B.6010709@topphemmelig.net&forum_name=openvpn-devel
*** Bug 298811 has been marked as a duplicate of this bug. ***
Patch remove in CVS.
(In reply to comment #5) > Patch remove in CVS. What a pity. Your revision of the patch looks good, especially as using 'bool' as type for a field that holds multiple flags, that are later on extracted with bitwise operations looks plain wrong. However, the original basic.h defined 'bool' to be 'int' not 'unsigned int'. How about changing all occurences of 'unsigned int' that the patch introduces to 'int' ... shouldn't that recover the old behavior with respect to flag extraction? Can you guys give it a try?
(In reply to comment #6) > (In reply to comment #5) > > Patch remove in CVS. > What a pity. > > Your revision of the patch looks good, especially as using 'bool' as type for a > field that holds multiple flags, that are later on extracted with bitwise > operations looks plain wrong. > However, the original basic.h defined 'bool' to be 'int' not 'unsigned int'. > How about changing all occurences of 'unsigned int' that the patch introduces > to 'int' ... shouldn't that recover the old behavior with respect to flag > extraction? > > Can you guys give it a try? I would strongly discourage to try to "fix" such issues in Gentoo like this. Such discussions should be fixed upstream and then be handled from there. The reason for that is that the upstream versions are tested and used by a lot of people on a broader set of platforms and distributions, and I believe the upstream version is also heavily tested by the OpenVPN team. If there are code pieces which looks wrong in OpenVPN, it should be fixed upstream and not in the distribution. Of course, if there are patches needed to run the software flawlessly on Gentoo, then they need to go in like extra patches in Gentoo only. But to fix issues like changing variable types behaviour or coding style, even when such patches looks harmless is pointless IMHO.
Hello, Can you please try master, should fix this issue, ebuikd at bug#409577. Thanks!
