Page MenuHomeVyOS Platform
Create Task
Maniphest T1582

OpenVPN CLI supports setting local-address multiple times but only the first makes it to the config
Closed, InvalidPublicFEATURE REQUEST
Actions

Description

VyOS 1.2.2

vyos@vyos# show interfaces openvpn
 openvpn vtun1 {
     local-address 10.255.1.1 {
     }
     local-address 192.0.2.1 {
     }
     local-host 172.18.202.10
     local-port 1195
     mode site-to-site
     persistent-tunnel
     protocol udp
     remote-address 10.255.1.2
     remote-host 172.18.201.10
     remote-port 1195
     shared-secret-key-file /config/auth/openvpn-1.key
 }

But only the first address makes it to the generated config file

vyos@vyos# cat /opt/vyatta/etc/openvpn/openvpn-vtun1.conf
verb 3
status /opt/vyatta/etc/openvpn/status/vtun1.status 30
dev-type tun
dev vtun1
ping 10
ping-restart 60
ifconfig 10.255.1.1 10.255.1.2
local 172.18.202.10
lport 1195
rport 1195
remote 172.18.201.10
secret /config/auth/openvpn-1.key
persist-tun

VyOS 1.1.7

vyos@vyos# show interfaces openvpn
 openvpn vtun1 {
     local-address 10.255.1.1 {
     }
     local-address 10.255.2.1 {
     }
     local-host 172.18.203.10
     local-port 1195
     mode site-to-site
     persistent-tunnel
     protocol udp
     remote-address 10.255.1.2
     remote-host 172.18.201.10
     remote-port 1195
     shared-secret-key-file /config/auth/openvpn-1.key
 }
vyos@vyos# ps fauxww | grep openvpn
root      3383  0.0  0.0  23532  1448 ?        Ss   21:14   0:00 /usr/sbin/openvpn --daemon openvpn-vtun1 --verb 3 --writepid /var/run/openvpn-vtun1.pid --status /opt/vyatta/etc/openvpn/status/vtun1.status 30 --dev-type tun --dev vtun1 --ping 10 --ping-restart 60 --ifconfig 10.255.1.1 10.255.1.2 --local 172.18.203.10 --lport 1195 --rport 1195 --remote 172.18.201.10 --secret /config/auth/openvpn-1.key --persist-tun

Details

Difficulty level
Unknown (require assessment)
Version
1.1.7
Why the issue appeared?
Will be filled on close

Related Objects
Search...

Event Timeline

c-po created this task.Aug 13 2019, 7:03 PM
c-po updated the task description. (Show Details)Aug 13 2019, 7:16 PM
c-po updated the task description. (Show Details)
c-po changed Version from - to 1.1.7.
c-po added a comment.Aug 15 2019, 10:51 PM

This is actually invalid. There is no way with the current CLI design to specify the local address node with an optional subnet-mask leaf node.

It could be done with an address node like every other interface

e.g. replace:

set interfaces openvpn vtun10 local-address 10.10.10.1 subnet-mask 255.255.255.0
set interfaces openvpn vtun10 local-address 10.10.10.1

by:

set interfaces openvpn vtun10 address 10.10.10.1/24
set interfaces openvpn vtun10 address 10.10.10.1/32
c-po closed this task as Invalid.Aug 17 2019, 12:27 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Aug 17 2019, 12:41 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 30 2022, 2:07 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.