
"show openconnect-server sessions" command does not work in the openconnect module
Closed, Resolved | Public | BUG

Description

"show openconnect-server sessions" command does not work in the openconnect module

vyos@vyos:~$ show openconnect-server sessions
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/openconnect-control.py", line 74, in <module>
    main()
  File "/usr/libexec/vyos/op_mode/openconnect-control.py", line 63, in main
    if commit_in_progress():
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 626, in commit_in_progress
    raise OSError('This functions needs to be run as root to return correct results!')
OSError: This functions needs to be run as root to return correct results!

Details

Difficulty level
Easy (less than an hour)
Version
vyos-1.4-rolling-202208010217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

Viacheslav changed the task status from Open to In progress. Aug 6 2022, 9:48 AM
Viacheslav claimed this task.

PR https://github.com/vyos/vyos-1x/pull/1462

vyos@r14:~$ show openconnect-server sessions 
Interface    Username    IP            Remote IP        RX         TX         State      Uptime
-----------  ----------  ------------  ---------------  ---------  ---------  ---------  --------
sslvpn0      foo         100.64.0.225  192.168.122.220  384 bytes  152 bytes  connected  13m:18s
vyos@r14:~$

Raw format:

vyos@r14:~$ /usr/libexec/vyos/op_mode/openconnect.py show_sessions --raw
[
    {
        "ID": 5303,
        "Username": "foo",
        "Groupname": "(none)",
        "State": "connected",
        "vhost": "default",
        "Device": "sslvpn0",
        "MTU": "1434",
        "Remote IP": "192.168.122.220",
        "Location": "unknown",
        "Local Device IP": "192.168.122.14",
        "IPv4": "100.64.0.225",
        "P-t-P IPv4": "100.64.0.1",
        "User-Agent": "OpenConnect VPN Agent (NetworkManager) v8.20-1",
        "RX": "384",
        "TX": "152",
        "_RX": "384 bytes",
        "_TX": "152 bytes",
        "Average RX": "0 bytes/sec",
        "Average TX": "0 bytes/sec",
        "DPD": "60",
        "KeepAlive": "300",
        "Hostname": "ubnt",
        "Connected at": "2022-08-06 12:52",
        "_Connected at": "13m:43s",
        "Full session": "3wd4NYDOA1OaxmDdCCJNf1RdaVE=",
        "Session": "3wd4NY",
        "TLS ciphersuite": "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)",
        "DTLS cipher": "(DTLS1.2)-(PSK)-(AES-256-GCM)",
        "DNS": [],
        "NBNS": [],
        "Split-DNS-Domains": [],
        "Routes": "defaultroute",
        "No-routes": [],
        "iRoutes": [],
        "Restricted to routes": "False",
        "Restricted to ports": []
    }
]
vyos@r14:~$

Delete VPN:

vyos@r14# delete vpn 
[edit]
vyos@r14# commit
[edit]
vyos@r14# /usr/libexec/vyos/op_mode/openconnect.py show_sessions
Openconnect is not configured
[edit]
vyos@r14# /usr/libexec/vyos/op_mode/openconnect.py show_sessions --raw
{
    "openconnect": {
        "configured": false,
        "return_code": 1,
        "reason": "error connecting to ocserv socket '/run/ocserv/occtl.socket': No such file or directory"
    }
}
[edit]
vyos@r14#
Viacheslav changed the task status from In progress to Needs testing. Aug 16 2022, 11:58 AM

The show command worked:

[email protected]:~$ show openconnect-server sessions
Interface    Username    IP              Remote IP       RX        TX        State      Uptime
-----------  ----------  --------------  --------------  --------  --------  ---------  -------
sslvpn0      diogo       172.30.242.194  187.74.142.210  365.0 KB  377.1 KB  connected  21h:16m
[email protected]:~$

However, after trying to add a new user I received the following output:

[email protected]# set vpn openconnect authentication local-users username abc password abc
[edit]
[email protected]# commit
[ vpn openconnect ]
"tcp" port "41443" is used by another service

vpn openconnect failed
Commit failed

[email protected]:~$ show ver
Version: VyOS 1.4-rolling-202208190217
Release train: sagitta

Built by: [email protected]
Built on: Fri 19 Aug 2022 02:17 UTC
Build UUID: 71bf683d-d7cb-4d71-8945-34e60337fe9f
Build commit ID: 8443b98f54c9c8

Architecture: x86_64
Boot via: installed image
System type: VMware guest

Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-56 4d c7 62 3a b5 bb 1d-b9 5d 75 20 89 82 c2 63
Hardware UUID: 62c74d56-b53a-1dbb-b95d-75208982c263

It seems this appeared after this commit https://github.com/vyos/vyos-1x/commit/1b637f78b870f8ecc4971de5baf0a6fda54c40f7 for T4597.
As ocserv itself already listens on the port, maybe we should revert it or change the logic to check that the port is not bound by the ocserv service.

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
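
The check suggested in the last comment (reject the commit only when the port is held by something other than ocserv) can be sketched as follows. This is an added example, not code from the task or from vyos-1x: the function names, the "ocserv" name prefix and the sample `ss -H -tlnp` lines are assumptions made for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not captured from the routers above).
SAMPLE_SS = """\
LISTEN 0 1024 0.0.0.0:41443 0.0.0.0:* users:(("ocserv-main",pid=2101,fd=3))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=990,fd=6),("nginx",pid=991,fd=6))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
"""

_PROC = re.compile(r'\("([^"]+)",pid=\d+,fd=\d+\)')


def listeners(ss_output):
    """Map each listening TCP port to the set of process names bound to it."""
    owners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port = fields[3].rsplit(":", 1)[-1]  # works for 0.0.0.0:443 and [::]:443
        if not port.isdigit():
            continue
        names = {m.group(1) for m in _PROC.finditer(line)}
        owners.setdefault(int(port), set()).update(names)
    return owners


def port_conflict(ss_output, port, own_prefix):
    """Return the foreign owners of `port`; an empty set means the commit may proceed.

    A port bound only by our own service (hypothetical prefix match) is not a
    conflict. A bound port with no visible owner, which is what `ss` shows when
    it is not run as root, is reported as "<unknown>" so the check fails closed.
    """
    owners = listeners(ss_output)
    if port not in owners:
        return set()
    names = owners[port]
    if not names:
        return {"<unknown>"}
    return {n for n in names if not n.startswith(own_prefix)}


if __name__ == "__main__":
    for p in (41443, 443, 8080, 9999):
        print(p, sorted(port_conflict(SAMPLE_SS, p, "ocserv")))
```

Process ownership is only visible to root, which is why the unprivileged case is treated as a conflict rather than as a free port.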