OpenVPN client-ip-pool option is broken
Open, Requires assessment | Public | BUG

Description

There are multiple problems with it:

  • There's no space between the pool end and the netmask in the generated config, so it can never work.
  • In addition, the netmask parameter is always generated, even though it's only valid for the tap mode. In the tun mode, it prevents OpenVPN from starting.
  • Last but not least, ifconfig-pool is generated twice: the first time from the subnet option, without checking whether the user defined it explicitly; the second time from the client-ip-pool option defined by the user.

Trying to run OpenVPN with the extra subnet parameter in ifconfig-pool results in this error and terminates the OpenVPN process:

openvpn-vtun0[9645]: Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode

The man page says:

Valid syntax:

    ifconfig-pool start-IP end-IP [netmask]

For tun-style tunnels, each client will be given a /30 subnet (for interoperability with Windows clients). For tap-style tunnels, individual addresses will be allocated, and the optional netmask parameter will also be pushed to clients.
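
A sketch of a generator that avoids all three problems listed above. This is an added example, not part of the original report and not VyOS code; the function name, the pool dictionary shape and the way a range is derived from the subnet are assumptions.

```python
import ipaddress


def render_ifconfig_pool(device_type, subnet=None, pool=None):
    """Return exactly one ifconfig-pool line, or None if there is nothing to emit.

    pool (hypothetical shape): {"start": ..., "stop": ..., "netmask": ...}.
    An explicit pool always wins over the range derived from subnet, so the
    directive can never be written twice.
    """
    if device_type not in ("tun", "tap"):
        raise ValueError(f"unsupported device type: {device_type!r}")
    if pool:
        start = ipaddress.IPv4Address(pool["start"])
        stop = ipaddress.IPv4Address(pool["stop"])
        netmask = pool.get("netmask")
    elif subnet:
        # Assumed derivation: skip the network address and the server's own address.
        net = ipaddress.IPv4Network(subnet)
        if net.num_addresses < 8:
            raise ValueError("subnet too small to derive a pool")
        start, stop, netmask = net[2], net[-2], str(net.netmask)
    else:
        return None
    if start > stop:
        raise ValueError("pool start is above pool end")
    parts = ["ifconfig-pool", str(start), str(stop)]
    # The third parameter is only valid with --dev tap; in tun mode it is omitted.
    if device_type == "tap" and netmask:
        parts.append(str(ipaddress.IPv4Address(netmask)))
    # Joining the fields guarantees a space between pool end and netmask.
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample values, not taken from the report.
    user_pool = {"start": "10.23.1.10", "stop": "10.23.1.100",
                 "netmask": "255.255.255.0"}
    for dev in ("tun", "tap"):
        line = render_ifconfig_pool(dev, subnet="10.23.1.0/24", pool=user_pool)
        print(dev, "->", line)
    print("tun, subnet only ->", render_ifconfig_pool("tun", subnet="10.23.1.0/24"))
```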

Details

Difficulty level: Easy (less than an hour)
Version: 1.3.1
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

dmbaturin renamed this task from OpenVPN ifconfig-pool option is broken to OpenVPN client-ip-pool option is broken. May 1 2022, 12:13 PM
dmbaturin claimed this task.
dmbaturin updated the task description.