Cockpit OpenVPN and IPSec UI

Hi all,
we’ve just completed the new VPN UI for cockpit that links both IPSec and OpenVPN configuration under the same module.

• Issue: Link
• Repo: Link

Overview

This module contains 6 menu items:

Dashboard

Contains statistics about your vpn tunnels, both IPsec and OpenVPN (also for roadwarrior).

vpn_1.png1132×918 53.3 KB

IPSec

You can create, update or delete IPSec tunnels and also enable or disable each tunnels.

vpn_2.png1143×919 41 KB

OpenVPN tunnels

You can create, update, delete, enable or disable both server and client tunnels. For server tunnels you can also download the configuration.

vpn_3.png1148×921 56.8 KB

OpenVPN roadwarriors

You can enable or disable your roadwarrior server and configure it. You can create, update, delete, enable, disable, and disconnect roadwarrior user.

vpn_5.png1143×917 42.5 KB

You can also download or send_with_email the configuration of roadwarrior account:

vpn_4.1.png1143×509 42.5 KB

Logs and About

Contains the standard views to check logs and get info about the module.

Main news

Roadwarrior

• send OpenVPN configuration using mail
• automatic creation of host object on IP reservation
• passtos option is enabled by default

IPSec / OpenVPN tunnels

• statistics

Breaking changes

Roadwarrior

• push custom routes (not editable from the old Server Manager)
• protocol change UDP/TCP (not compatible with the old Server Manager)
• enable/disable accounts (not compatible with the old Server Manager)
• algorithm and compression selection (not editable from the old Server Manager)

The whole module is almost done, we are doing little cosmetic adjustments.

Thank you do @dz00te for the excellent testing!

excuse my ignorance, but how can I install the new modules in the cockpit?? I only see legacy links to each module.

edit: I may have found my answer… have to remove the old version and install cockpit again.

unfortunatly that didn’t work… it only installed the version previously removed.

(1/2): nethserver-cockpit-lib-0.8.0-1.7.g151b22a.ns7.noarch.rpm | 28 kB 00:00:00
(2/2): nethserver-cockpit-0.8.0-1.7.g151b22a.ns7.noarch.rpm | 2.1 MB 00:00:06

Total 314 kB/s | 2.2 MB 00:00:07
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : nethserver-cockpit-lib-0.8.0-1.7.g151b22a.ns7.noarch 1/3
Installing : nethserver-cockpit-0.8.0-1.7.g151b22a.ns7.noarch 2/3
Cleanup : nethserver-cockpit-lib-0.8.0-1.ns7.noarch 3/3
Verifying : nethserver-cockpit-lib-0.8.0-1.7.g151b22a.ns7.noarch 1/3
Verifying : nethserver-cockpit-0.8.0-1.7.g151b22a.ns7.noarch 2/3
Verifying : nethserver-cockpit-lib-0.8.0-1.ns7.noarch 3/3

Installed:
nethserver-cockpit.noarch 0:0.8.0-1.7.g151b22a.ns7

Dependency Updated:
nethserver-cockpit-lib.noarch 0:0.8.0-1.7.g151b22a.ns7

Complete!

Any hints for an idiot who probably missed the post detailing how it’s done?

Hi,
the command is:

yum install --enablerepo=nethserver-testing nethserver-vpn-ui nethserver-ipsec-tunnels nethserver-openvpn

Hi friends,

really like it! Especially the security part in roadwarrior service with dropdownmenus for digest, cipher and TLS. Also to push custom routes. Everything needed is there.

Great work! Thank you very much!

EDIT: But I can save the advanced options. Not in Firefox nor in Opera. Click on save-button and nothing happens.

Released!

Still have this problem. Does this work on your side?
PS: in original post I wrote “can” instead of “can’t”. Sorry.

It works for me at least in the RoadWarrior page.

In which page do you have the problem?

In RoadWarrior page:

grafik.png710×562 16.4 KB

If I click on save, nothing happens.

I still can’t reproduce. Maybe you have a validation error?
If you expand the “Advanced options” section and then click to “Save”, what happens?

Is there anything relevant inside the browser console?

It doesn’t work ether with or without changing advanced options. I tried all variants.
I’m not at work today. No relevant info in browser console.
It’s an older test vm, so I’ll setup a completely new one from scratch. On this machine I did a lot of installations and rollbacks, so maybe it time to let it die…
I’ll give response when it done.

o.k. I installed a new instance from scratch, Updated it completely and installed some modules.

But I have still the same problem.
I found this in messages.log:

Jun 21 09:33:44 neth-test cockpit-ws: New connection to session from 192.168.0.10 Jun 21 09:33:45 neth-test cockpit-bridge: Can't exec "ipsec": No such file or directory at /usr/libexec/nethserver/api/nethserver-vpn/lib/vpn_functions.pl line 35. Jun 21 09:33:45 neth-test cockpit-bridge: readline() on closed filehandle FH at /usr/libexec/nethserver/api/nethserver-vpn/lib/vpn_functions.pl line 36. Jun 21 09:33:45 neth-test cockpit-bridge: Use of uninitialized value $props{"TCPPort"} in string ne at /usr/libexec/nethserver/api/nethserver-vpn/openvpn-rw/read line 94. Jun 21 09:33:45 neth-test cockpit-bridge: No entry for terminal type "unknown"; Jun 21 09:33:45 neth-test cockpit-bridge: using dumb terminal settings.

Ho did you install?

Please try this package:

If i doesn’t work, to fix install nethserver-ipsec-tunnels

yum install nethserver-ipsec-tunnels

Installed from iso interactive. Set german keyboard and set fixed IP for green interface manually.
Rest with welcome page of server manager. Then updated everything. Accountprovider is local AD.
No installation via CLI. Only from sofwarecenter.
It’s a vm on proxmox. Nothing special.

Downladed it and installed it locally, but didn’t help.

istalled it (PS you missed an s at the end in your command) but unfortunally also didn’t help.

This is from log:

grafik.png1387×594 28 KB

You can find a new version in testing repository which should address problems when one or more package is not installed.
Thank you for your feedback!

Sorry for bad news, but problem still remains.

My installed packages:

openvpn-2.4.7-1.el7.x86_64
nethserver-openvpn-1.8.0-1.ns7.noarch
nethserver-vpn-ui-1.0.0-1.4.g8524b23.ns7.noarch

and:

cockpit-ws-183-1.el7.x86_64
cockpit-bridge-183-1.el7.x86_64
cockpit-system-183-1.el7.noarch
nethserver-cockpit-lib-0.9.2-1.1.g9f1b6db.ns7.noarch
cockpit-storaged-183-1.el7.noarch
cockpit-packagekit-183-1.el7.noarch
nethserver-cockpit-0.9.2-1.1.g9f1b6db.ns7.noarch
cockpit-183-1.el7.x86_64

EDIT: tested with firefox and edge.

Thank you for your time!
I can’t reproduce anymore, but I will ask @davide_marini to check again and try to reproduce.

I tried it again. Setup a new vm from latest iso interactive in proxmox-ve. After installation was complete, I updated the machine to latest updates and installed only VPN from softwarecenter (old GUI). Then I created a bridge br0 to green interface.
After installation of new servermanager (alpha) I tried to manage the vpn from cockpit and again, if I click on save-button nothing happens and nothing is configured in old GUI.
Tried that from a win 10 client with 3 different brwoers and from a win7 client with 2 diefferent browsers. Evertime the same.

Please can someone from @support_team or @quality_team reproduce this? Please reply also if it works on your side, so I know, if have a problem on my side.

TIA Ralf

Happens as @flatspin said, but only when freshly configuring roadwarrior in bridge mode, from cockpit UI.

Just by accessing roadwarrior page you get:

Jun 28 01:29:23 local cockpit-bridge: Use of uninitialized value $props{"TCPPort"} in string ne at /usr/libexec/nethserver/api/nethserver-vpn/openvpn-rw/read line 96.

When pressing save for roadwarrior in bridged mode, you get:

Jun 28 01:29:29 local cockpit-bridge: No entry for terminal type "unknown";
Jun 28 01:29:29 local cockpit-bridge: using dumb terminal settings.

If you fill the network and netmask fields on routed mode (without saving it), and then change to bridged mode filling the corresponding fields, then you are able to save the changes. Also note both settings (values from routed and bridged fields) are saved in e-smith db.

A side note: in routed mode, the validation example for the network field shows an ip (10.0.0.1) instead of a network.