
openvpn fails if server and authentication are configured
Closed, Resolved, Public

Description

If an openvpn server is configured it is also possible to configure authentication, but the tunnel will not come up and the following line is logged in syslog (messages).

Options error: --auth-user-pass cannot be used with --mode server (it should be used on the client side only)

Details

Difficulty level
Unknown (require assessment)
Version
1.3 1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Stricter validation
Issue type
Bug (incorrect behavior)

Event Timeline

UnicronNL triaged this task as Normal priority. Aug 11 2021, 9:16 AM
UnicronNL created this task.

Sounds like a missing validator. We should prevent users from doing such things ;)

PR https://github.com/vyos/vyos-1x/pull/968

vyos@r1-roll# set interfaces openvpn vtun10 authentication username foo
[edit]
vyos@r1-roll# commit

Cannot specify "authentication" in server mode

[[interfaces openvpn vtun10]] failed
Commit failed
[edit]
vyos@r1-roll#
Viacheslav moved this task from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.

Fixed, 1.3-beta-202108151336

vyos@r4-1.3# run show conf com | match openvpn
set interfaces openvpn vtun10 encryption cipher 'aes256'
set interfaces openvpn vtun10 hash 'sha512'
set interfaces openvpn vtun10 local-host '192.168.122.14'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server client client1 ip '10.10.0.10'
set interfaces openvpn vtun10 server domain-name 'vyos.net'
set interfaces openvpn vtun10 server max-connections '250'
set interfaces openvpn vtun10 server name-server '172.16.254.30'
set interfaces openvpn vtun10 server subnet '10.10.0.0/24'
set interfaces openvpn vtun10 server topology 'subnet'
set interfaces openvpn vtun10 tls ca-cert-file '/config/auth/ca.crt'
set interfaces openvpn vtun10 tls cert-file '/config/auth/central.crt'
set interfaces openvpn vtun10 tls dh-file '/config/auth/dh.pem'
set interfaces openvpn vtun10 tls key-file '/config/auth/central.key'
set interfaces openvpn vtun10 tls tls-version-min '1.0'
set interfaces openvpn vtun10 use-lzo-compression
[edit]
vyos@r4-1.3#
vyos@r4-1.3# set interfaces openvpn vtun10 authentication username foo
[edit]
vyos@r4-1.3# commit

Cannot specify "authentication" in server mode

[[interfaces openvpn vtun10]] failed
Commit failed
[edit]
vyos@r4-1.3#
SrividyaA set Issue type to Bug (incorrect behavior). Sep 1 2021, 10:48 AM
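
For images that predate the fix, saved configurations can be audited offline for the combination this task rejects at commit time. The following is an added example, not code from vyos-1x or the linked PR: it parses `show configuration commands` style output and lists OpenVPN interfaces that set both mode 'server' and an authentication node. The function names and the sample input are assumptions made for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in the `show configuration commands` format shown above.
SAMPLE = """\
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 server subnet '10.10.0.0/24'
set interfaces openvpn vtun10 authentication username 'foo'
set interfaces openvpn vtun20 mode 'client'
set interfaces openvpn vtun20 authentication username 'bar'
set interfaces ethernet eth0 address 'dhcp'
"""


def parse_openvpn(commands):
    """Group `set interfaces openvpn <ifname> ...` lines by interface name."""
    interfaces = defaultdict(list)
    for line in commands.splitlines():
        try:
            tokens = shlex.split(line)  # strips the quotes around values
        except ValueError:
            continue  # unbalanced quotes: not a usable set command
        # Prompts, "[edit]" markers and other subsystems do not match here.
        if tokens[:3] == ["set", "interfaces", "openvpn"] and len(tokens) > 4:
            interfaces[tokens[3]].append(tokens[4:])
    return interfaces


def find_conflicts(commands):
    """Return interfaces that combine mode 'server' with an authentication node."""
    conflicts = []
    for ifname, nodes in parse_openvpn(commands).items():
        is_server = ["mode", "server"] in nodes
        has_auth = any(node[0] == "authentication" for node in nodes)
        if is_server and has_auth:
            conflicts.append(ifname)
    return sorted(conflicts)


if __name__ == "__main__":
    for ifname in find_conflicts(SAMPLE):
        # Same wording as the commit error quoted in this task.
        print(f'{ifname}: Cannot specify "authentication" in server mode')
```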