The OpenVPN Road Warrior (RW) server cannot be configured through the web UI when a leftover directory (typically /etc/openvpn/ns_roadwarrior1 or /etc/openvpn/ns_roadwarrior1/pki/issued/) is present on disk. This state appears often after migrations or partial/failed installs: the UI fails to create the server and shows an unclear validation-style error instead of a helpful message or remediation steps. Operators currently resort to manually removing the folder as a workaround.
Steps to reproduce
- On a NethServer 8 system, create the directory tree
mkdir -p /etc/openvpn/ns_roadwarrior1/ (it can be empty or contain only server certificate files such as server.crt).
- Open the NethServer web UI and go to the OpenVPN Road Warrior page.
- Click "Create server" (or enable the Road Warrior server) from the UI.
- Observe the UI response — the server is not created and the UI reports an error that looks like a validation failure (no clear toast/error text or actionable remediation).
Expected behavior
- The UI should allow creating/configuring the Road Warrior server when no valid client certs exist, or should present a clear, actionable error message explaining why configuration cannot proceed.
- If the presence of the directory indicates a broken/partial state from migration, the UI should either: (a) detect and repair the partial state (for example, remove an empty/invalid issued/ directory after verifying there are no usable certificates), or (b) present an explicit instruction (or button) to "clean up leftover Road Warrior state" or to copy the API command to continue, instead of showing a generic validation error.
Actual behavior
When the leftover directory exists, the backend returns an error that the UI interprets (or displays) as a validation error with no clear guidance. The creation is blocked, no useful toast notification is shown, and there is no copy-as-command button in the UI for the API call.
Workaround
The problem can be fixed by removing the directory:
rm -rf /etc/openvpn/ns_roadwarrior1/`
References
Support tickets with saved exports / instances of the issue:
Private discussion:https://mattermost.nethesis.it/nethesis/pl/7ykwcby8djns5dyuk8tgidg9mh
The OpenVPN Road Warrior (RW) server cannot be configured through the web UI when a leftover directory (typically /etc/openvpn/ns_roadwarrior1 or /etc/openvpn/ns_roadwarrior1/pki/issued/) is present on disk. This state appears often after migrations or partial/failed installs: the UI fails to create the server and shows an unclear validation-style error instead of a helpful message or remediation steps. Operators currently resort to manually removing the folder as a workaround.
Steps to reproduce
mkdir -p /etc/openvpn/ns_roadwarrior1/(it can be empty or contain only server certificate files such as server.crt).Expected behavior
Actual behavior
When the leftover directory exists, the backend returns an error that the UI interprets (or displays) as a validation error with no clear guidance. The creation is blocked, no useful toast notification is shown, and there is no copy-as-command button in the UI for the API call.
Workaround
The problem can be fixed by removing the directory:
References
Support tickets with saved exports / instances of the issue:
Private discussion:https://mattermost.nethesis.it/nethesis/pl/7ykwcby8djns5dyuk8tgidg9mh