
OpenVPN site-to-site incorrect check for IPv6 local and remote address
Closed, Resolved / Public / BUG

Description

OpenVPN site-to-site incorrect check for IPv6 local and remote address

To reproduce

set interfaces openvpn vtun2 mode site-to-site
set interfaces openvpn vtun2 protocol udp
set interfaces openvpn vtun2 persistent-tunnel
set interfaces openvpn vtun2 remote-host dead:beaf::f
set interfaces openvpn vtun2 local-port '1195'
set interfaces openvpn vtun2 remote-port '1195'
set interfaces openvpn vtun2 shared-secret-key-file '/config/auth/openvpn-1.key'
set interfaces openvpn vtun2 local-address 2001:db8::1
set interfaces openvpn vtun2 remote-address 2001:db8::2

Commit:

[email protected]# commit

"local-address" and "remote-address" cannot be the same

[[interfaces openvpn vtun2]] failed
Commit failed
[edit]
[email protected]#

Incorrect check: https://github.com/vyos/vyos-1x/blob/b9678136eac767ece3d5a5e53f9f2b9c47c7477a/src/conf_mode/interfaces-openvpn.py#L162-L163

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.3

Event Timeline

Viacheslav changed Version from VyOS 1.3.1-S1,VyOS 1.3.2 to VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217.
Viacheslav changed the task status from Open to In progress. Fri, Sep 9, 10:30 AM
Viacheslav claimed this task.

The real check without IPv4 local/remote:

[email protected]# commit
[ interfaces openvpn vtun2 ]

DEBUG: [] == [] or ['2001:db8::2'] == []
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
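
The failure in the DEBUG line above (two empty IPv4 lists comparing equal on an IPv6-only tunnel) can be reproduced in isolation. This is an added example, not code from vyos-1x: the function names are hypothetical, naive_same_address is modelled only on the first comparison visible in the DEBUG output, and shared_addresses is one possible way to write the check, not the project's actual fix.

```python
from ipaddress import ip_address


def split_by_family(addresses):
    """Return (ipv4, ipv6) lists of normalized address strings."""
    v4, v6 = [], []
    for addr in addresses:
        ip = ip_address(addr)  # raises ValueError on malformed input
        (v4 if ip.version == 4 else v6).append(str(ip))
    return v4, v6


def naive_same_address(local, remote):
    """Hypothetical check shaped like the DEBUG line: compares the IPv4 lists.

    With IPv6-only addresses both lists are empty, and [] == [] is True,
    so the configuration is rejected although the addresses differ.
    """
    v4_local, _ = split_by_family(local)
    v4_remote, _ = split_by_family(remote)
    return v4_local == v4_remote


def shared_addresses(local, remote):
    """Return addresses configured on both sides, compared per family.

    Set intersection of an empty family is empty, so a family with no
    addresses can never produce a match. Addresses are normalized first,
    so different spellings of the same IPv6 address are still caught.
    """
    v4_local, v6_local = split_by_family(local)
    v4_remote, v6_remote = split_by_family(remote)
    return (sorted(set(v4_local) & set(v4_remote))
            + sorted(set(v6_local) & set(v6_remote)))


if __name__ == "__main__":
    # Constructed input matching the reproduction steps in the description.
    local, remote = ["2001:db8::1"], ["2001:db8::2"]
    print("naive check rejects config:", naive_same_address(local, remote))
    print("addresses actually shared: ", shared_addresses(local, remote))
```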