
OpenVPN config issue
Closed, Invalid | Public | BUG

Description

Now all 1.3 and 1.4 rollings have an issue: the command "set interface openvpn vtun0 openvpn-option blabla" adds an inappropriate "-- " to the string in /run/openvpn/vtun0.conf, so the string does not work.
I've found where to change: string 286 in usr/share/vyos/templates/openvpn/server.conf.tmpl should be {{ argument }} instead of --{{ argument }}

Details

Difficulty level
Unknown (require assessment)
Version
1.3 & 1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

Hi, I have tried this set of configurations and the OpenVPN connection was up and working fine.

Server config:

set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha256'
set interfaces openvpn vtun0 local-host '200.200.200.2'
set interfaces openvpn vtun0 local-port '1194'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option 'tun-mtu 1500'
set interfaces openvpn vtun0 openvpn-option 'push "keepalive 1 10"'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 server client client ip '10.23.1.10'
set interfaces openvpn vtun0 server client client subnet '10.2.0.0/16'
set interfaces openvpn vtun0 server push-route '10.1.0.0/16'
set interfaces openvpn vtun0 server subnet '10.23.1.0/24'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/server.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/server.key'

Client config:

vyos@vyos# run sh conf comm | grep openvpn
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha256'
set interfaces openvpn vtun0 mode 'client'
set interfaces openvpn vtun0 openvpn-option 'tun-mtu 1500'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 remote-host '200.200.200.2'
set interfaces openvpn vtun0 remote-port '1194'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/client.crt'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/client.key'
set interfaces openvpn vtun0 use-lzo-compression

This is the information from the openvpn documentation related to the options:

OpenVPN allows any option to be placed either on the command line or in a configuration file.
Though all command line options are preceded by a double-leading-dash ("--"), this prefix can be removed when an option is placed in a configuration file.

Can you please share your configuration to reproduce in the lab, and the error messages received?
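
The equivalence described in the documentation excerpt above, as an added example (not part of this thread and not VyOS or OpenVPN code): it extracts the raw options from `set` commands, renders them with the `--` prefix from the template line quoted in the report, and compares the result with the unprefixed form. `normalize` is a simplified model of the documented rule (an assumption, not OpenVPN's parser), and all function names are hypothetical.

```python
import shlex

# Constructed sample: the two raw options from the server config in this thread.
VYOS_COMMANDS = """\
set interfaces openvpn vtun0 openvpn-option 'tun-mtu 1500'
set interfaces openvpn vtun0 openvpn-option 'push "keepalive 1 10"'
"""


def raw_options(commands):
    """Return the openvpn-option values found in VyOS 'set' commands."""
    found = []
    for line in commands.splitlines():
        words = shlex.split(line)
        if (len(words) == 6
                and words[:3] == ["set", "interfaces", "openvpn"]
                and words[4] == "openvpn-option"):
            found.append(words[5])
    return found


def render(option, prefix="--"):
    """Mimic the template line from the report: prefix followed by the argument."""
    return prefix + option


def normalize(conf_line):
    """Model of the documented rule (assumption): in a configuration file the
    leading '--' on the option name is optional, so drop it before comparing."""
    tokens = shlex.split(conf_line)
    if tokens and len(tokens[0]) > 2 and tokens[0].startswith("--"):
        tokens[0] = tokens[0][2:]
    return tokens


def equivalent(option):
    """True when the prefixed and unprefixed renderings mean the same option."""
    return normalize(render(option)) == normalize(render(option, prefix=""))


if __name__ == "__main__":
    for opt in raw_options(VYOS_COMMANDS):
        print(f"{render(opt)!r:32} same as unprefixed: {equivalent(opt)}")
```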

Viacheslav changed the task status from Open to Needs testing. Mar 1 2021, 10:33 PM

@svd135 please retest with the latest 1.4 rolling or 1.3 beta version. The issue should be corrected.

I've found out that a conf string with "--" works the same way as a string without "--". Sorry to trouble you with this question.

Thanks for the feedback.

Yeah that is why I do not like those raw options as you can break things very easily.