Page MenuHomeVyOS Platform

Cannot use quotes for openvpn-option --route-up
Closed, InvalidPublicBUG


Somewhat related to T1246.

I'm trying to pass arguments to my --route-up script, like this:

set interfaces openvpn vtun0 openvpn-option "--route-up /config/auth/ arg1 arg2"

It doesn't work and openvpn will exit with:

Options error: the --route-up directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").

The following doesn't work:

set interfaces openvpn vtun0 openvpn-option "--route-up '/config/auth/ arg1 arg2'"

and will give the error:

Cannot use the single quote (') character in a value string
Value validation failed
Set failed

Is there any solution for this?


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

yun created this task.May 17 2019, 3:23 PM
pasik added a subscriber: pasik.May 27 2019, 8:20 PM
jjakob added a subscriber: jjakob.Jun 24 2019, 6:38 PM

I think this is a parser issue

vyos@vyos# set interfaces openvpn vtun0 openvpn-option "route-up \"echo arg1 arg2\""

  Cannot use the double quote (") character in a value string
  Value validation failed
  Set failed

Openvpn still uses old style templates and perl script, someone more knowledgeable in the parser and template code may be able to help.

$ cat templates-cfg/interfaces/openvpn/node.tag/openvpn-option/node.def 
type: txt
help: Additional OpenVPN options
    # extra options
    if (scalar(@{$self->{_options}}) > 0) {
        for my $option (@{$self->{_options}}) {
            if ($option =~ /^--/) {
                $cmd .= " $option";
            } else {
                $cmd .= " --$option";

Even then we may need some escaping tricks to do this properly as the perl code may "eat" up added quotes (would need testing and documenting)

The documentation could also be improved, in particular the option may or may not have -- preceding it, in which case it is added:

kHub added a subscriber: kHub.Aug 5 2019, 6:45 PM
syncer assigned this task to zsdc.Aug 31 2019, 12:27 AM
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
c-po added a subscriber: c-po.EditedJan 26 2020, 11:09 AM

Sounds like a duplicate of T1632

Please use: set interfaces openvpn vtun0 openvpn-option "--route-up "/config/auth/ arg1 arg2""

... I know it looks ugly!

Please also use a more recent VyOS build, e.g. 1.3 rolling or

c-po changed the task status from Open to Needs testing.Jan 26 2020, 11:09 AM
c-po set Is it a breaking change? to Unspecified (possibly destroys the router).

Closing, 1.3 has rewritten the perl code from scratch in python, but the functionality should be the same.

jjakob closed this task as Invalid.Mar 25 2020, 4:23 PM
jjakob moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.