
openvpn: wrong checking for existence cert files
Closed, Resolved | Public

Description

If we configure an OpenVPN server and set wrong certificate file names, the CLI doesn't return a warning and successfully tries to start with the wrong certificate file names.
Reproducing:

set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 server client branch1 ip '10.23.1.10'
set interfaces openvpn vtun0 server client branch1 subnet '10.23.10.0/24'
set interfaces openvpn vtun0 server push-route '100.64.0.0/24'
set interfaces openvpn vtun0 server subnet '10.23.1.0/24'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.ct'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/central.ct'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh2048.pm'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/central.ky'

Details

Difficulty level
Unknown (require assessment)
Version
1.2-rolling-201909141324
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
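
The kind of commit-time check the report asks for, as an added example (not part of the original task and not VyOS's own code): it extracts the `tls ...-file` paths from `set` commands like those in the reproduction and reports every path that is missing, unreadable or empty. The function names and error wording are assumptions made for illustration.

```python
import os
import shlex

# Option names taken from the reproduction commands in the report.
TLS_FILE_OPTIONS = ("ca-cert-file", "cert-file", "dh-file", "key-file")


def tls_files_from_commands(commands):
    """Return {(interface, option): path} for every 'tls <option> <path>' command."""
    found = {}
    for line in commands.splitlines():
        words = shlex.split(line)
        # Expected shape: set interfaces openvpn <intf> tls <option> <path>
        if (len(words) == 7 and words[:3] == ["set", "interfaces", "openvpn"]
                and words[4] == "tls" and words[5] in TLS_FILE_OPTIONS):
            found[(words[3], words[5])] = words[6]
    return found


def verify_tls_files(commands):
    """Return a list of error strings; an empty list means every file is usable."""
    errors = []
    for (intf, option), path in sorted(tls_files_from_commands(commands).items()):
        if not os.path.isfile(path):
            errors.append(f"{intf}: {option} '{path}' does not exist or is not a regular file")
        elif not os.access(path, os.R_OK):
            errors.append(f"{intf}: {option} '{path}' is not readable")
        elif os.path.getsize(path) == 0:
            errors.append(f"{intf}: {option} '{path}' is empty")
    return errors


if __name__ == "__main__":
    # Sample input: the TLS lines from the reproduction, with their misspelled names.
    reproduction = """
    set interfaces openvpn vtun0 mode 'server'
    set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.ct'
    set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/central.ct'
    set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh2048.pm'
    set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/central.ky'
    """
    problems = verify_tls_files(reproduction)
    for problem in problems:
        print(problem)
    # A non-empty list is the point at which a commit should be rejected.
    raise SystemExit(1 if problems else 0)
```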

Event Timeline

Dmitry triaged this task as Normal priority. Sep 14 2019, 7:53 PM
Dmitry created this task.
Dmitry created this object in space S1 VyOS Public.
Dmitry changed the task status from Open to In progress. Sep 14 2019, 9:09 PM
c-po closed this task as Resolved. Sep 15 2019, 8:51 AM
c-po added a project: VyOS 1.3 Equuleus.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board. Sun, Oct 13, 3:02 PM