Page MenuHomePhabricator

OpenVPN client push-route stopped working, needs added quotes to fix
Needs testing, NormalPublicBUG

Description

Hi, after recent upgrade to VyOS 1.2.0-rolling+201905261657, openvpn client push-route stopped working.

Options error: Unrecognized option or missing or extra parameter(s) in /opt/vyatta/etc/openvpn/ccd/vtun0/xyz:2: push (2.4.0)

ccd/vtun0/xyz:

ifconfig-push 10.x.y.10 255.255.255.0
push route 192.168.1.0 255.255.255.0
push route 10.1.0.0 255.255.255.0

Adding quotes fixes it:

ifconfig-push 10.x.y.10 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 10.1.0.0 255.255.255.0"

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.2.0-rolling+201905261657
Why the issue appeared?
Implementation mistake

Event Timeline

jjakob created this task.May 31 2019, 2:48 PM
pasik added a subscriber: pasik.May 31 2019, 3:43 PM
jjakob changed the task status from Open to In progress.Jun 24 2019, 5:39 PM
jjakob claimed this task.

https://github.com/vyos/vyatta-openvpn/pull/11
Tested working on current rolling

c-po changed the task status from In progress to Backport pending.Jun 24 2019, 6:00 PM
c-po triaged this task as Normal priority.
c-po added a project: VyOS 1.3 Equuleus.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po moved this task from Need Triage to Backlog on the VyOS 1.2 Crux board.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.

The same thing applies to the global configuration of push options.
E.g. These:
set interfaces openvpn vtun0 server push-route '172.16.41.0/24'
set interfaces openvpn vtun0 server push-route '172.16.42.0/24'

Lead to these in the /opt/vyatta/etc/openvpn/openvpn.vtun0 configuration file:
push route 172.16.42.0 255.255.255.0
push route 172.16.41.0 255.255.255.0

Which gives the same error.
The patch referenced above does fix it for clients, but the global configuration conversion is still broken.

syncer changed the task status from Backport pending to Needs testing.Aug 31 2019, 8:48 PM
syncer reassigned this task from jjakob to Dmitry.
syncer moved this task from Finished to In Progress on the VyOS 1.3 Equuleus board.

This issue don't reproduces at 1.2.2 and 1.2.3-epa1. As for rolling release after T1548, seems all correct and works.

set interfaces openvpn vtun0 server push-route '100.64.0.0/24'
set interfaces openvpn vtun0 server push-route '172.16.41.0/24'
set interfaces openvpn vtun0 server push-route '172.16.42.0/24'
vyos@vyos# sudo cat /opt/vyatta/etc/openvpn/openvpn-vtun0.conf | grep push
push "route 100.64.0.0 255.255.255.0"
push "route 172.16.41.0 255.255.255.0"
push "route 172.16.42.0 255.255.255.0"

on client

vyos@vyos-rtr01# run show ip route | grep vtun0
S>* 10.23.0.0/16 [1/0] is directly connected, vtun0, 00:03:25
C>* 10.23.1.1/32 is directly connected, vtun0, 00:03:25
K>* 100.64.0.0/24 [0/0] via 10.23.1.1, vtun0, 00:03:25
K>* 172.16.41.0/24 [0/0] via 10.23.1.1, vtun0, 00:03:25
K>* 172.16.42.0/24 [0/0] via 10.23.1.1, vtun0, 00:03:25

@kronenpj can you try last rolling release for confirm this?