OpenConnect Server redundancy check
Open, Requires assessment, Public, BUG

Description

VyOS should not check for the existence of `ca-cert-file` in the config when using non-self-signed certificates, such as certificates provided by Let's Encrypt.

set vpn openconnect authentication local-users username user1 password 'user1'
set vpn openconnect authentication mode 'local'
set vpn openconnect network-settings client-ip-settings subnet '100.64.0.0/24'
set vpn openconnect network-settings name-server '1.1.1.1'
set vpn openconnect ssl cert-file '/etc/letsencrypt/live/domain.example.com/fullchain.pem'
set vpn openconnect ssl key-file '/etc/letsencrypt/live/domain.example.com/privkey.pem'
commit
[ vpn openconnect ]
openconnect ssl ca-cert-file required

[[vpn openconnect]] failed
Commit failed

https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/vpn_openconnect.py#L76
Propose to exclude ca_cert_file from this list.

Details

Difficulty level
Easy (less than an hour)
Version
1.4-rolling-202104061641
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
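
A sketch of the validation this ticket proposes, added here as an illustration and not taken from vyos-1x: `cert-file` and `key-file` stay mandatory, while `ca-cert-file` is checked only when the operator sets it. The names `verify_ssl` and `ConfigError`, the dict layout and the "not found" message are assumptions.

```python
import os

# Added illustration; not the code in vyos-1x. All names here are hypothetical.
REQUIRED_SSL_KEYS = ("cert-file", "key-file")  # always needed by the TLS listener
OPTIONAL_SSL_KEYS = ("ca-cert-file",)          # validated only when configured


class ConfigError(Exception):
    """Raised when the 'vpn openconnect ssl' node fails validation."""


def verify_ssl(ssl, file_exists=os.path.exists):
    """Validate the ssl node, given as a dict of option name -> path.

    file_exists is injectable so the check can run without the real files.
    """
    # Mandatory options: a missing value aborts the commit.
    for key in REQUIRED_SSL_KEYS:
        if not ssl.get(key):
            raise ConfigError(f"openconnect ssl {key} required")

    # Every option that is set, mandatory or optional, must point at a file,
    # so a mistyped ca-cert-file path is still caught.
    for key in REQUIRED_SSL_KEYS + OPTIONAL_SSL_KEYS:
        path = ssl.get(key)
        if path and not file_exists(path):
            raise ConfigError(f"openconnect ssl {key} not found: {path}")
    return True


# Constructed sample mirroring the configuration in the description above.
SAMPLE_LETSENCRYPT = {
    "cert-file": "/etc/letsencrypt/live/domain.example.com/fullchain.pem",
    "key-file": "/etc/letsencrypt/live/domain.example.com/privkey.pem",
}

if __name__ == "__main__":
    # Pretend the files exist; the commit is accepted without ca-cert-file.
    print(verify_ssl(SAMPLE_LETSENCRYPT, file_exists=lambda p: True))
```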