Page MenuHomeVyOS Platform
Create Task
Maniphest T2381

OpenVPN: openvpn-option parsed/rendered improperly
Closed, ResolvedPublicBUG
Actions

Description

The CLI statement interfaces openvpn vtun10 openvpn-option '--tun-mtu 1500 --fragment 1300 --mssfix' will render in vtun10.conf to

--tun-mtu 1500 --fragment 1300 --mssfix

On startup OpenVPN complains about:

Apr 26 09:26:47 vyos openvpn-vtun10[27854]: Options error: Unrecognized option or missing or extra parameter(s) in vtun10.conf:76: tun-mtu (2.4.7)

This happened to work in 1.2.4 so it must be something with the rendering - I know that passing openvpn-option is maximum bad practice but it should not become a problem on an upgrade

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202004231230
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

c-po triaged this task as High priority.Apr 26 2020, 7:31 AM
c-po created this task.
c-po added a subscriber: jjakob.

@jjakob as you seem to be the OpenVPN pro - you mind taking a look?

elbandi added a subscriber: elbandi.Apr 26 2020, 11:04 AM

sould rewrite to multioption:

openvpn-option tun-mtu 1500
openvpn-option fragment 1300
openvpn-option foo bar
c-po added a comment.Apr 26 2020, 11:58 AM

@elbandi sure that I used as workaround.

The problem is if someone upgrades from 1.2.5 to 1.3.x this will break OpenVPN which is bad.

pasik added a subscriber: pasik.Apr 26 2020, 1:03 PM
jjakob added a comment.Apr 26 2020, 3:48 PM

Crux probably passed this as a string of options to the command line or
split it into multiple options. We need to add a parser to split the
options by '--', hopefully this won't break any options which should
include -- in one line.

elbandi added a comment.Apr 26 2020, 3:55 PM

Just call the multiple options other name (like 'option'), and admin can modify they config if they want. no need a IM migrate script.
And leave the openvpn-option for raw option, if someone want to make a magic things in openvpn.
(like, in dhcp server, static mapping has option tagnode for "Host-specific settings" and static-mapping-parameters for raw hacking :)

c-po added a comment.Apr 26 2020, 7:25 PM

@elbandi how should this approach fix the error on image upgrade?

jjakob added a comment.Apr 26 2020, 10:05 PM

If in crux this was just a option string passed to the openvpn process,
quoting or escaping could be used to pass a parameter with '--' to an
openvpn option. I need to have a good long look at how Crux did this and
have some real life examples. For example: openvpn-option '--mssfix --up
"/some/command --param1 --param2"' (I'm not sure if this would've worked
on Crux, the quoting is probably wrong, and the up option parameter too,
but my point remains that this could've been a valid option syntax)

We'd probably need to write a migrator script that was quoting and
escaping aware, because we can't just split by '--'.
I'll take a look this week after I get some free time.

hexes added a subscriber: hexes.Jun 2 2020, 2:19 PM
c-po claimed this task.Jan 17 2021, 10:04 AM
c-po closed this task as Resolved.Jan 17 2021, 5:42 PM
remfalc mentioned this in T3350: OpenVPN config file generation broken.Feb 24 2021, 2:19 PM
erkin set Issue type to Bug (incorrect behavior).Aug 30 2021, 6:33 AM
erkin removed a subscriber: Active contributors.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 12:21 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.