On the most recent rolling release, OpenVPN appears to be broken on boot and any time a commit is attempted, but the same exact configuration can be used with 1.2-RC11 without any issues. I've verified the problem is present on:
- 1.2.0-rolling+201902130337
- 1.2.0-rolling+201902210337
Here is the relevant (sanitized) portion of my configuration (note: I did also try removing the openvpn-option portions to no avail):
vyos@cr03-vyos# show +description "Someone's VPN" +encryption aes256 +hash sha256 +keep-alive { + failure-count 3 + interval 10 +} +local-host 1.2.3.4 +mode server +openvpn-option "--tun-mtu 1472" +openvpn-option "--sndbuf 0" +openvpn-option "--rcvbuf 0" +protocol tcp-passive +server { + name-server 1.1.1.1 + name-server 8.8.8.8 + name-server 1.0.0.1 + push-route 192.168.55.0/24 + subnet 192.168.55.0/24 +} +tls { + ca-cert-file /config/auth/openvpn/test/pki/ca.crt + cert-file /config/auth/openvpn/test/pki/issued/someonesvpn.crt + dh-file /config/auth/openvpn/test/pki/dh.pem + key-file /config/auth/openvpn/test/pki/private/someonesvpn.key +} [edit interfaces openvpn vtun0]
Here's what happens when I try to commit:
# Commit attempt vyos@cr03-vyos# commit [ interfaces openvpn vtun0 ] OpenVPN configuration error: Failed to start OpenVPN tunnel. [[interfaces openvpn vtun0]] failed [ interfaces openvpn vtun1 ] OpenVPN configuration error: Failed to start OpenVPN tunnel. [[interfaces openvpn vtun1]] failed Commit failed [edit interfaces openvpn vtun0]
Here's the log:
# Show log Feb 21 00:40:44 cr03-vyos.bhs05.trae32566.org openvpn-vtun1[5968]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: push (2.4.0) Feb 21 00:40:44 cr03-vyos.bhs05.trae32566.org openvpn-vtun1[5968]: Use --help for more information. Feb 21 00:40:44 cr03-vyos.bhs05.trae32566.org sudo[5954]: pam_unix(sudo:session): session closed for user root Feb 21 00:41:07 cr03-vyos.bhs05.trae32566.org sudo[6052]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/bin/journalctl Feb 21 00:41:07 cr03-vyos.bhs05.trae32566.org sudo[6052]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)`