Now all 1.3 and 1.4 rollings have an issue: the command “set interface openvpn vtun0 openvpn-option blabla” adds an inappropriate "-- " to the string in /run/openvpn/vtun0.conf, so the string does not work.
I’ve found where to change: string 286 in usr/share/vyos/templates/openvpn/server.conf.tmpl should be {{ argument }} instead of --{{ argument }}
Description
Details
- Difficulty level
- Unknown (require assessment)
- Version
- 1.3 & 1.4
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
Event Timeline
Hi, I have tried this set of configurations and the openvpn connection was up and working fine.
Server config:
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha256'
set interfaces openvpn vtun0 local-host '200.200.200.2'
set interfaces openvpn vtun0 local-port '1194'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option 'tun-mtu 1500'
set interfaces openvpn vtun0 openvpn-option 'push "keepalive 1 10"'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 server client client ip '10.23.1.10'
set interfaces openvpn vtun0 server client client subnet '10.2.0.0/16'
set interfaces openvpn vtun0 server push-route '10.1.0.0/16'
set interfaces openvpn vtun0 server subnet '10.23.1.0/24'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/server.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/server.key'
Client config:
vyos@vyos# run sh conf comm | grep openvpn
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha256'
set interfaces openvpn vtun0 mode 'client'
set interfaces openvpn vtun0 openvpn-option 'tun-mtu 1500'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 remote-host '200.200.200.2'
set interfaces openvpn vtun0 remote-port '1194'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/client.crt'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/client.key'
set interfaces openvpn vtun0 use-lzo-compression
This is the information from the openvpn documentation related to the options:
OpenVPN allows any option to be placed either on the command line or in a configuration file.
Though all command line options are preceded by a double-leading-dash ("--"), this prefix can be removed when an option is placed in a configuration file.
Can you please share your configuration to reproduce in the lab and the error messages received?
@svd135 please retest with the latest 1.4 rolling or 1.3 beta version. The issue should be corrected.
I've found out that a conf string with "--" works the same way as a string without "--". Sorry to trouble you with this question.
Thanks for the feedback.
Yeah that is why I do not like those raw options as you can break things very easily.
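The equivalence discussed in this thread, as an added example that is not part of the original posts or of VyOS's own code: a simplified parser that treats config lines with and without the leading "--" identically, plus a check for a raw option that repeats a directive already present in the rendered file. The function names, the sample text and the list of directives allowed to repeat are assumptions made for illustration.

```python
import shlex

def parse_openvpn_conf(text):
    """Return a list of (directive, args) tuples from OpenVPN config text.

    Simplified for illustration: skips blank lines and comments ('#' or ';'),
    honours quoting, and drops an optional leading '--', which OpenVPN
    accepts in a config file as well as on the command line.
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line)
        name = tokens[0][2:] if tokens[0].startswith("--") else tokens[0]
        directives.append((name, tuple(tokens[1:])))
    return directives

def repeated_directives(text, multi_ok=("push", "route")):
    """Directive names set more than once.

    multi_ok is an assumed, non-exhaustive list of directives that may
    legitimately appear several times.
    """
    seen, repeated = set(), []
    for name, _ in parse_openvpn_conf(text):
        if name in seen and name not in multi_ok and name not in repeated:
            repeated.append(name)
        seen.add(name)
    return repeated

# Constructed sample renderings of the two raw options used in the thread.
WITH_DASHES = '''\
# constructed sample, raw options rendered with the "--" prefix
--tun-mtu 1500
--push "keepalive 1 10"
'''
WITHOUT_DASHES = '''\
tun-mtu 1500
push "keepalive 1 10"
'''
# Constructed case: a raw option that sets tun-mtu a second time.
CONFLICTING = WITHOUT_DASHES + "--tun-mtu 1400\n"

if __name__ == "__main__":
    print(parse_openvpn_conf(WITH_DASHES) == parse_openvpn_conf(WITHOUT_DASHES))
    print(repeated_directives(CONFLICTING))
```
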