Client Export on 2.0 Release creates corrupted Windows installers



  • I upgraded my pf from 2.0 RC3 to Release and everything is working fine, except today I generated a bunch of users for my OpenVPN with the Client Export utility, and though it generates the exe's fine, when they are run on Windows, a terminal window appears briefly, showing "Program too big to fit in memory".

    Apparently, when this message is shown, its usually a corrupted exe file, or an exe that is missing some header information.

    As far as I can tell, the other configurations are generated fine, its just the exes. They used to work fine in RC3. Previously generated exes and VPN users can connect fine.

    I tried reinstalling, removing-rebooting-reinstalling, but it seems the same. I tried looking at logs but the export utility doesn't seem to generate any.

    Anything I could check? Thanks.



  • I am seeing the same thing.  The files seem to be the same size, and a version created with RC3 works, the version created in 2.0 is corrupted.



  • Maybe its only the zip (exe) creation function not working correctly. Regarding the file size, its the same as non-corrupted exes (RC3) (2.1MB), so I guess its mostly doing the same as the previous version.



  • Poking around in the file with a hex editor, I find the following in the first few bytes.

    .Warning: Missing argument 8 for openvpn_client_export_installer(), called in /usr/local/www/vpn_openvpn_export.php on line 336 and defined in /usr/local/pkg/openvpn-client-export.inc on line 278.MZ….......

    This message doesn't appear in the working executable.



  • Nice kitdavis. I edited out the PHP warning from the exe and it now runs and shows the installation icon, but it gets stuck at 0%…

    Anyway, looking at the /usr/local/pkg/openvpn-client-export.inc files from RC3 and the new one, there are a few differences, with a new parameter for advanced options, even though version is still listed as 0.9.

    If you add any option to the Additional configuration options field (like ping 10), and then choose the Windows Installer option, I get three errors and no exe:

    The following input errors were detected:

    This server uses UDP protocol and cannot communicate with HTTP proxy.
    Could not create a config to export.
    Failed to export config files!

    If you select any other option, the additional options do go into the config files, except with the Viscosity option, where the config file is not appended with the additional options.

    Tried replacing the inc file with the RC3 file but that didn't work either. I guess the issue is somewhere else, but we're getting close. Maybe if we just stop PHP from sending warning output.



  • Ok so I added an error handler to the openvpn-client-export.inc file such that warnings are not printed to the exe. Tried and it works again!

    If you want to try this, edit /usr/local/pkg/openvpn-client-export.inc and add these lines after the require_once lines at the beginning of the file:

    function ignoreError($errno, $errstr) {
      //does nothing...
    }
    
    set_error_handler("ignoreError",E_WARNING);
    

    I guess the problem still remains if you need to add additional options, but I have little time at the moment and this patch will do for now.



  • Thanks for the tip, gus.  Ive been tearing my hair out over this.

    I took the liberty of modifying that slightly:

    function ignoreError($errno, $errstr) {
      exec("echo {$errno} >>/tmp/OVPNErrors.log");
      exec("echo {$errstr} >>/tmp/OVPNErrors.log");
    }
    
    set_error_handler("ignoreError",E_WARNING);
    

    "cat /tmp/OVPNError.log" returns the insightful and explanatory "2".

    Anyone have an idea what that could mean?  Any gurus on this type of code (PHP?) know how to make it return the calling function as a part of the error handler?



  • limecat, if you use the set_error_handler to handle all errors (by removing the second parameter E_WARNING), then you'll probably get more detail, I just wanted to limit the warnings which were affecting the exe files.



  • Ill try that.

    Off topic, is there any chance to modify the way the exes are generated here?  The OpenVPN client is not forcing admin priveleges on startup, which is an issue if you are trying to push routes.

    EDIT:
    A little more detail:

    [2.0-RELEASE][root@pfsense.localdomain]/tmp(17): cat OVPNError.log
    8
    Undefined index: id
    8
    Undefined index: usrid
    8
    Undefined index: crtid
    8
    Undefined index: password
    8
    Undefined index: disable
    2
    8
    Undefined index: disable
    8
    Undefined variable: conf_dir
    8
    Undefined index: disable
    8
    Undefined variable: advancedoptions
    8
    Undefined index: disable
    8
    Undefined index: disable
    [2.0-RELEASE][root@pfsense.localdomain]/tmp(18):
    
    


  • limecat, the admin rights on Vista/7 seem to be an issue with the way OpenVPN Client works with Windows and the permissions to change the system routes. I don't think that can be changed directly on the exe, as it needs to be installed, and then the user must manually check the Property > Compatibility > Run as Admin option to execute as administrator. It is even on the OpenVPN-GUI FAQ and on a README that is distributed with the client, so I don't have much hope for a way to automatically change this. Maybe a Visual Basic script or a batch could solve this…



  • Roger, yea I just figured that out.

    Any thoughts on the errors listed?  PHP isnt really my thing, although if noone else has any immediate thoughts I can take a look in a bit.

    EDIT: Got quite a bit of additional log output from the error handler…

    
    [2.0-RELEASE][root@pfsense.localdomain]/tmp(3): vi OVPNError.log
    
    8
    Undefined index: id
    8
    Undefined index: usrid
    8
    Undefined index: crtid
    8
    Undefined index: password
    8
    Undefined index: disable
    2
    8
    Undefined index: disable
    8
    Undefined variable: conf_dir
    8
    Undefined index: disable
    8
    Undefined variable: advancedoptions
    8
    Undefined index: disable
    8
    Undefined index: password
    8
    Undefined index: disable
    2
    8
    Undefined index: disable
    8
    Undefined variable: conf_dir
    8
    Undefined index: disable
    8
    Undefined variable: advancedoptions
    8
    Undefined index: disable
    8
    Undefined index: disable
    8
    Undefined index: id
    8
    Undefined index: act
    8
    Undefined index: enablefirebuglite
    8
    Undefined index: remote_managed_pages
    8
    Undefined variable: helpurl
    8
    Uninitialized string offset: 0
    8
    Uninitialized string offset: 0
    8
    Uninitialized string offset: 0
    8
    Uninitialized string offset: 0
    8
    Uninitialized string offset: 0
    8
    Undefined index: wireless
    8
    Undefined index: wireless
    8
    Undefined variable: wifdescrs
    8
    Uninitialized string offset: 0
    8
    Uninitialized string offset: 0
    8
    Uninitialized string offset: 0
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: input_errors
    8
    Undefined variable: savemsg
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: targetinfo
    8
    Undefined variable: input_errors
    8
    Undefined variable: savemsg
    8
    Undefined index: sindex
    :q
    
    


  • The root cause of the problem is that vpn_openvpn_export.php is missing a parameter on the call to openvpn_client_export_installer() (as the warning says).

    In openvpn-client-export.inc, there is a "proxy" parameter that allows some proxy settings to be passed to the .ovpn file.  I modified the /usr/local/www/vpn_openvpn_export.php file to pass this parameter in and the EXE is generated correctly now.  The $proxy array is being filled in, but then nothing is ever done with it, so I'm assuming it was supposed to be included in the call to generate the installer on line 336

    Old line 336:

    $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $advancedoptions);
    

    New line 336:

    $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy, $advancedoptions);
    

    I'm not 100% certain if this is the correct fix, but it seems logical and works for me.



  • Nice, thanks Ryand833. This also solves the errors when adding additional configuration options.



  • Brilliant, im applying it to my test boxes now.

    Any way to sticky this or draw it to attention of the "powers that be"?



  • Fixed by jimp in "trunk" version git within minutes after reporting it via pfsense's bugtracker redmine


Log in to reply