
get_config_dict() does not honor whitespaces in the CLI values field
Closed, Resolved | Public | BUG

Description

Using the following configuration:

set interfaces openvpn vtun0 encryption cipher 'aes256gcm'
set interfaces openvpn vtun0 keep-alive failure-count '3'
set interfaces openvpn vtun0 keep-alive interval '10'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option 'tls-auth /config/auth/openvpn/ta.key 0'
set interfaces openvpn vtun0 server name-server '10.53.53.53'
set interfaces openvpn vtun0 server name-server '10.53.53.54'
set interfaces openvpn vtun0 server push-route '0.0.0.0/0'
set interfaces openvpn vtun0 server subnet '10.7.178.0/24'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn_test_ca.pem'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn_test_server.pem'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn_test_dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn_test_server.key'
set interfaces openvpn vtun0 use-lzo-compression

will render:

{'auth_user_pass_file': '/run/openvpn/vtun0.pw',
 'daemon_group': 'openvpn',
 'daemon_user': 'openvpn',
 'device_type': 'tun',
 'encryption': {'cipher': 'aes256gcm'},
 'ifname': 'vtun0',
 'keep_alive': {'failure_count': '3', 'interval': '10'},
 'mode': 'server',
 'openvpn_option': ['tls-auth', '/config/auth/openvpn/ta.key', '0'],
 'protocol': 'udp',
 'server': {'name_server': ['10.53.53.53', '10.53.53.54'],
            'push_route': ['0.0.0.0/0'],
            'subnet': ['10.7.178.0/24'],
            'topology': 'net30'},
 'tls': {'ca_cert_file': '/config/auth/ovpn_test_ca.pem',
         'cert_file': '/config/auth/ovpn_test_server.pem',
         'dh_file': '/config/auth/ovpn_test_dh.pem',
         'key_file': '/config/auth/ovpn_test_server.key'},
 'use_lzo_compression': {}}

The error can be seen in the openvpn_option key: the value from the CLI is split() into individual list elements. This is wrong. The proper result should be: 'openvpn_option': ['tls-auth /config/auth/openvpn/ta.key 0']. My initial feeling is that this comes from the change that a multi node should always be represented as a list (https://github.com/vyos/vyos-1x/commit/b40c5268).

Defining a CLI node which is non-multi with a value containing whitespace works: 'description': 'asdf ghje sadf' - interface descriptions are a good example here.

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202011200217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
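
A regression check for the symptom described in this task, as an added example that is not taken from vyos-1x: it parses `set` lines with `shlex`, renders multi nodes as lists, and flags any multi node whose rendered list differs from the values entered on the CLI. The `MULTI` set, the `split_values` switch and all function names are assumptions made for this sketch.

```python
import shlex

# Constructed sample: three lines from the configuration in the report.
SET_COMMANDS = """\
set interfaces openvpn vtun0 openvpn-option 'tls-auth /config/auth/openvpn/ta.key 0'
set interfaces openvpn vtun0 server name-server '10.53.53.53'
set interfaces openvpn vtun0 server name-server '10.53.53.54'
"""
PREFIX = ("set", "interfaces", "openvpn", "vtun0")
# Assumption: the nodes this sketch treats as multi-value.
MULTI = {("openvpn-option",), ("server", "name-server")}


def parse_set(text):
    """Yield (path below PREFIX, value); shlex keeps a quoted value whole."""
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tuple(tokens[:4]) == PREFIX:
            yield tuple(tokens[4:-1]), tokens[-1]


def render(text, split_values=False):
    """Nested dict, underscore keys, multi nodes as lists. split_values=True
    emulates the symptom in the report; it is not the vyos-1x code path."""
    out = {}
    for path, value in parse_set(text):
        node = out
        for key in path[:-1]:
            node = node.setdefault(key.replace("-", "_"), {})
        leaf = path[-1].replace("-", "_")
        if path in MULTI:
            node.setdefault(leaf, []).extend(value.split() if split_values else [value])
        else:
            node[leaf] = value
    return out


def mismatched_multi_nodes(text, rendered):
    """Return multi-node paths whose rendered list differs from the CLI values."""
    bad = []
    for path in sorted(MULTI):
        want = [v for p, v in parse_set(text) if p == path]
        node = rendered
        for key in path:
            node = node[key.replace("-", "_")]
        if node != want:
            bad.append(path)
    return bad
```
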

Event Timeline

c-po changed the task status from Open to Confirmed. Sun, Nov 22, 9:19 AM
c-po triaged this task as High priority.
c-po created this task.
c-po updated the task description.
c-po assigned this task to jestabro. Sun, Nov 22, 9:25 AM
c-po updated the task description.
jestabro closed this task as Resolved. Mon, Nov 23, 2:46 AM
jestabro moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.

See subtask T3082 for origin and details of this issue.

pasik added a subscriber: pasik. Mon, Nov 23, 8:12 AM

Fixed, thanks!

[ interfaces openvpn vtun0 ]
{'auth_user_pass_file': '/run/openvpn/vtun0.pw',
 'daemon_group': 'openvpn',
 'daemon_user': 'openvpn',
 'device_type': 'tun',
 'encryption': {'cipher': 'aes256gcm'},
 'ifname': 'vtun0',
 'keep_alive': {'failure_count': '3', 'interval': '10'},
 'mode': 'server',
 'openvpn_option': ['tls-auth /config/auth/ovpn_test_site2site.key 0'],
 'protocol': 'udp',
 'server': {'name_server': ['10.53.53.53', '10.53.53.54'],
            'push_route': ['0.0.0.0/0'],
            'subnet': ['10.7.178.0/24'],
            'topology': 'net30'},
 'tls': {'ca_cert_file': '/config/auth/ovpn_test_ca.pem',
         'cert_file': '/config/auth/ovpn_test_server.pem',
         'dh_file': '/config/auth/ovpn_test_dh.pem',
         'key_file': '/config/auth/ovpn_test_server.key'},
 'use_lzo_compression': {}}