If we configure a hostname for the remote-host parameter in the OpenVPN configuration in client mode, the tunnel does not come up. This error is observed in the OpenVPN logs:
OpenVPN: RESOLVE: Cannot resolve host address: HOSTNAME:14386 (No address associated with hostname) .
The address is associated with the hostname:
[email protected]# ping server.abc.net
PING server.abc.net (11.22.33.44) 56(84) bytes of data.
64 bytes from server.abc.net (11.22.33.44): icmp_seq=1 ttl=63 time=3.38 ms
64 bytes from server.abc.net (11.22.33.44): icmp_seq=2 ttl=63 time=1.75 ms
64 bytes from server.abc.net (11.22.33.44): icmp_seq=3 ttl=63 time=1.79 ms
64 bytes from server.abc.net (11.22.33.44): icmp_seq=4 ttl=63 time=1.94 ms
The workaround is to add "openvpn-option '--proto udp4'", after which it works; tested on the latest rolling and LTS releases.
Server mode configuration:
[email protected]# run sh conf comm | grep openvpn
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha256'
set interfaces openvpn vtun0 local-host '11.22.33.44'
set interfaces openvpn vtun0 local-port '1194'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 server client client ip '10.140.0.55'
set interfaces openvpn vtun0 server domain-name 'abc.net'
set interfaces openvpn vtun0 server name-server '55.44.33.22'
set interfaces openvpn vtun0 server push-route '55.44.33.22/32'
set interfaces openvpn vtun0 server subnet '10.140.0.0/20'
set interfaces openvpn vtun0 server topology 'subnet'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/server.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/server.key'
set interfaces openvpn vtun0 use-lzo-compression
Client mode configuration:
[email protected]# run sh conf comm | grep openvpn
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha256'
set interfaces openvpn vtun0 mode 'client'
set interfaces openvpn vtun0 openvpn-option '--proto udp4'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 remote-host 'server.abc.net'
set interfaces openvpn vtun0 remote-port '1194'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/client.crt'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/client.key'
set interfaces openvpn vtun0 use-lzo-compression
I found this pull request "https://github.com/vyos/vyos-1x/commit/08bd4ed10b3772c61f24cd9564c1639334d7feba", which was submitted to fix it, but there still seems to be an issue.
One more reference link:
https://github.com/vyos/vyos-1x/pull/361
This code was added:
https://github.com/vyos/vyos-1x/blob/24c4f9b6fa299e5bc67d82f5a8e0e5b4f9c4d04b/src/conf_mode/interfaces-openvpn.py#L594-L598