Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Firewall: can't create a rule with "vpn" role #5119

Closed
gsanchietti opened this issue Sep 29, 2016 · 5 comments
Closed

Firewall: can't create a rule with "vpn" role #5119

gsanchietti opened this issue Sep 29, 2016 · 5 comments
Labels
bug A defect of the software verified All test cases were verified successfully
Milestone

Comments

@gsanchietti
Copy link
Member

gsanchietti commented Sep 29, 2016

The user can't create any firewall rule involving the "vpn" role as source or destination.

Steps to reproduce

  • Install nethserver-openvpn and nethserver-ipsec
  • Create a firewall like: ACCPET vpn -> red

Expected behavior

  • The rule must be applied

Actual behavior

  • The system raises the error:

ERROR: Unknown source zone (lvpn) /etc/shorewall/rules (line 76)

Thanks to @dz00te for the bug report!

Reference: http://community.nethserver.org/t/openvpn-route-problem-on-ns7b2/4525

@gsanchietti gsanchietti added the bug A defect of the software label Sep 29, 2016
@gsanchietti gsanchietti added this to the v7 milestone Sep 29, 2016
gsanchietti added a commit to NethServer/nethserver-firewall-base that referenced this issue Sep 29, 2016
@gsanchietti
Copy link
Member Author

In nethserver-testing:

  • nethserver-firewall-base-3.1.0-1.3.g47e55e2.ns7.noarch.rpm
  • nethserver-firewall-base-ui-3.1.0-1.3.g47e55e2.ns7.noarch.rpm

Test case

  • Check the bug is not reproducible

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Sep 29, 2016
@dz00te dz00te self-assigned this Sep 29, 2016
@dz00te
Copy link
Member

dz00te commented Sep 29, 2016

System and Package Version installed
VM KVM - Nethserver 7b2 fully updated in production
Package Installed: openvpn and others...

Install Updated Package
yum --enablerepo=nethserver-testing install nethserver-firewall-base-3.1.0-1.3.g47e55e2.ns7.noarch nethserver-firewall-base-ui-3.1.0-1.3.g47e55e2.ns7.noarch

Test Results after update
OK. the rule is created without error and applied

Note
i have had some error in log , but i think not related to new packages
i'll do some other test on a clean installation before mark it as verified
Sep 29 18:57:16 colombo3 esmith::event[3510]: ERROR in /etc/e-smith/db/networks/migrate//trafficshaping.el7: Program fragment delivered error <<Can't call method "delete" on an undefined value at /etc/e-smith/db/networks/migrate//trafficshaping.el7 line 22.>> at template line 1
Sep 29 18:57:16 colombo3 esmith::event[3510]: ERROR: Template processing failed for /: 1 fragment generated errors
Sep 29 18:57:16 colombo3 esmith::event[3510]: at /usr/share/perl5/vendor_perl/esmith/DB.pm line 459.

Sep 29 18:58:18 colombo3 admin-todos: modinfo: ERROR: Module xt_ndpi not found.

Sep 29 18:58:45 colombo3 httpd: [EXCEPTION] RuntimeException 1405610072: Nethgui\Model\SystemTasks: Socket read error (in /usr/share/nethesis/Nethgui/Model/SystemTasks.php:166)

the xt_ndpi error sounds strange because...

#uname -a
Linux colombo3.framassa.org 4.4.19-1.el7.elrepo.x86_64 #1 SMP Sat Aug 20 17:07:51 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
# lsmod | grep xt_ndpi | head -n1
xt_ndpi               491520  0 

@dz00te
Copy link
Member

dz00te commented Sep 30, 2016

Update:
rechecked on a clean system, packages are correctly installed and rule created. set verified
For the other error in notes see the original thread on forum

@dz00te dz00te added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Sep 30, 2016
@dz00te dz00te removed their assignment Oct 1, 2016
@dz00te dz00te added testing Packages are available from testing repositories and removed verified All test cases were verified successfully labels Oct 3, 2016
gsanchietti added a commit to NethServer/nethserver-firewall-base that referenced this issue Oct 3, 2016
@dz00te
Copy link
Member

dz00te commented Oct 3, 2016

new tests with:

nethserver-firewall-base-3.1.0-1.4.gbd9f255.ns7.noarch.rpm
nethserver-firewall-base-ui-3.1.0-1.4.gbd9f255.ns7.noarch.rpm

the original problem was already solved, and with latest packages i can correctly create a firewall rule with "Role VPN" also without install ipsec.

@dz00te dz00te added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Oct 3, 2016
@gsanchietti
Copy link
Member Author

Released:

  • nethserver-firewall-base-3.1.1-1.ns7.noarch.rpm
  • nethserver-firewall-base-ui-3.1.1-1.ns7.noarch.rpm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug A defect of the software verified All test cases were verified successfully
Projects
None yet
Development

No branches or pull requests

2 participants