Site-to-site OpenVPN creates a wrong peer address (it uses the netmask instead of the peer IP address)
set interfaces openvpn vtun30365 local-address 10.10.36.18 subnet-mask '255.255.255.252'
set interfaces openvpn vtun30365 local-host '100.64.0.2'
set interfaces openvpn vtun30365 local-port '30365'
set interfaces openvpn vtun30365 mode 'site-to-site'
set interfaces openvpn vtun30365 remote-address '10.10.36.17'
set interfaces openvpn vtun30365 remote-host '100.64.0.1'
set interfaces openvpn vtun30365 remote-port '30365'
set interfaces openvpn vtun30365 shared-secret-key-file '/config/auth/foo.key'
Commit
vyos@r4-roll# commit
[ interfaces openvpn vtun30365 ]
{'auth_user_pass_file': '/run/openvpn/vtun30365.pw',
 'daemon_group': 'openvpn',
 'daemon_user': 'openvpn',
 'device_type': 'tun',
 'ifname': 'vtun30365',
 'ip': {'ospf': {'dead_interval': '40', 'hello_interval': '10', 'priority': '1', 'retransmit_interval': '5', 'transmit_delay': '1'}},
 'keep_alive': {'failure_count': '60', 'interval': '10'},
 'local_address': {'10.10.36.18': {'subnet_mask': '255.255.255.252'}},
 'local_host': '100.64.0.2',
 'local_port': '30365',
 'mode': 'site-to-site',
 'protocol': 'udp',
 'remote_address': ['10.10.36.17'],
 'remote_host': ['100.64.0.1'],
 'remote_port': '30365',
 'server': {'topology': 'net30'},
 'shared_secret_key_file': '/config/auth/foo.key'}
Additional logs.
Nov 16 18:36:22 r4-roll sudo[29040]: root : TTY=unknown ; PWD=/run/openvpn ; USER=root ; COMMAND=/sbin/ip link set dev vtun30365 up mtu 1500
Nov 16 18:36:22 r4-roll sudo[29040]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 16 18:36:22 r4-roll netplugd[733]: vtun30365: ignoring event
Nov 16 18:36:22 r4-roll charon[10052]: 12[KNL] interface vtun30365 activated
Nov 16 18:36:22 r4-roll sudo[29040]: pam_unix(sudo:session): session closed for user root
Nov 16 18:36:22 r4-roll openvpn-vtun30365[29034]: /usr/libexec/vyos/system/unpriv-ip addr add dev vtun30365 local 10.10.36.18 peer 255.255.255.252
Nov 16 18:36:22 r4-roll sudo[29046]: root : TTY=unknown ; PWD=/run/openvpn ; USER=root ; COMMAND=/sbin/ip addr add dev vtun30365 local 10.10.36.18 peer 255.255.255.252
Nov 16 18:36:32 r4-roll openvpn-vtun30365[29034]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.10.36.18 255.255.255.252', remote='ifconfig 10.10.36.18 10.10.36.17'
[edit]
What is wrong
/sbin/ip addr add dev vtun30365 local 10.10.36.18 peer 255.255.255.252
instead of 10.10.36.17
It seems "netmask" should be used only when we use "device-type tap" and in the proper place.
What I expect
vtun30365: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.10.36.18  netmask 255.255.255.255  destination 10.10.36.17
What I get
vtun30365: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.10.36.18  netmask 255.255.255.255  destination 255.255.255.252

vyos@r4-roll# sudo ip route get 255.255.255.252
255.255.255.252 dev vtun30365 src 10.10.36.18 uid 0
    cache
[edit]
vyos@r4-roll#
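Added example, not part of this report and not VyOS's own code: a small renderer that builds the OpenVPN `ifconfig` directive and the matching `ip addr add` command from a config dict shaped like the one printed at commit time, refuses to emit a netmask as the peer of a tun device (the mix-up described above), and parses OpenVPN's "ifconfig is used inconsistently" warning to show what the local side used versus what the peer expects. Function names are mine; the dict is copied from the commit output on this page, trimmed to the keys used; the reading that the `remote=` half of the warning is the peer's view of what this side should say is my understanding of OpenVPN's options-string comparison, not something the page states.

```python
"""Added example (not VyOS code): render OpenVPN's 'ifconfig' line for a
site-to-site tunnel and catch the tun/netmask mix-up from this bug report."""
import ipaddress
import re

# Constructed from the page's commit output (only the keys used here).
CONFIG = {
    'device_type': 'tun',
    'ifname': 'vtun30365',
    'local_address': {'10.10.36.18': {'subnet_mask': '255.255.255.252'}},
    'mode': 'site-to-site',
    'remote_address': ['10.10.36.17'],
}


def is_netmask(value: str) -> bool:
    """True if value is a contiguous IPv4 netmask such as 255.255.255.252."""
    bits = int(ipaddress.IPv4Address(value))
    inverse = bits ^ 0xFFFFFFFF
    # A contiguous mask has an inverse of the form 2^n - 1.
    return bits != 0 and inverse & (inverse + 1) == 0


def render_ifconfig(config: dict) -> str:
    """Return OpenVPN's 'ifconfig' directive for a site-to-site tunnel.

    tun (point-to-point): 'ifconfig <local> <peer>'
    tap (ethernet):       'ifconfig <local> <netmask>'
    Emitting the netmask for a tun device is exactly the bug on this page.
    """
    if config.get('mode') != 'site-to-site':
        raise ValueError('only site-to-site mode is handled here')
    local_address = config['local_address']
    if len(local_address) != 1:
        raise ValueError('site-to-site expects exactly one local-address')
    local, attrs = next(iter(local_address.items()))
    if config.get('device_type', 'tun') == 'tap':
        mask = (attrs or {}).get('subnet_mask')
        if not mask or not is_netmask(mask):
            raise ValueError('tap device needs a valid subnet-mask')
        return f'ifconfig {local} {mask}'
    remotes = config.get('remote_address') or []
    if len(remotes) != 1:
        raise ValueError('tun site-to-site expects exactly one remote-address')
    peer = remotes[0]
    if is_netmask(peer):
        # Guard against the netmask ending up as the point-to-point peer.
        raise ValueError(f'peer {peer} looks like a netmask, not a host')
    return f'ifconfig {local} {peer}'


def render_ip_addr_add(config: dict) -> str:
    """The 'ip addr add' command that should follow from the ifconfig line."""
    _, local, second = render_ifconfig(config).split()
    ifname = config['ifname']
    if config.get('device_type', 'tun') == 'tap':
        prefix = ipaddress.IPv4Network(f'0.0.0.0/{second}').prefixlen
        return f'ip addr add dev {ifname} {local}/{prefix}'
    return f'ip addr add dev {ifname} local {local} peer {second}'


_WARNING = re.compile(
    r"'ifconfig' is used inconsistently, "
    r"local='ifconfig (\S+) (\S+)', remote='ifconfig (\S+) (\S+)'")


def ifconfig_mismatch(logline: str):
    """Parse OpenVPN's options-mismatch warning from a syslog line.

    Returns (second argument local used, second argument the peer expects),
    or None when the line is not that warning.
    """
    m = _WARNING.search(logline)
    if not m:
        return None
    _local_a, local_b, _remote_a, remote_b = m.groups()
    return local_b, remote_b


if __name__ == '__main__':
    print(render_ifconfig(CONFIG))
    print(render_ip_addr_add(CONFIG))
    print(render_ifconfig(dict(CONFIG, device_type='tap')))
```

Run against the dict above, the tun branch yields `ifconfig 10.10.36.18 10.10.36.17` and `ip addr add dev vtun30365 local 10.10.36.18 peer 10.10.36.17`, which is the command the "What I expect" output corresponds to; only switching `device_type` to `tap` makes the renderer use `255.255.255.252`.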