Page MenuHomeVyOS Platform

OpenVPN tap devices won't come up automatically
Closed, ResolvedPublicBUG

Description

OpenVPN tap devices are administratively down (A/D in "show interfaces") after being configured, and the only way I can figure out to bring them up is by running "sudo ip link set [device] up". After reboot the tunnels are down again, so at the moment I have this in my vyos-postconfig-bootup.script files: "sudo ip tuntap | cut -d: -f1 | xargs -I % sudo ip link set % up" to bring up all of them automatically after reboot.

tun devices work fine, this issue is only on tap devices.

Tested on vyos-1.3-rolling-201912290217, which I know is a few weeks old, but I haven't had an opportunity to test on a newer build.

Example config:
set interfaces openvpn vtun29003 description 'Data tunnel'
set interfaces openvpn vtun29003 device-type 'tap'
set interfaces openvpn vtun29003 encryption cipher 'aes256'
set interfaces openvpn vtun29003 hash 'sha256'
set interfaces openvpn vtun29003 local-port 'REDACTED'
set interfaces openvpn vtun29003 mode 'site-to-site'
set interfaces openvpn vtun29003 persistent-tunnel
set interfaces openvpn vtun29003 remote-host 'REDACTED'
set interfaces openvpn vtun29003 remote-port 'REDACTED'
set interfaces openvpn vtun29003 shared-secret-key-file '/config/auth/tunnel.key'

Details

Difficulty level
Easy (less than an hour)
Version
vyos-1.3-rolling-201912290217
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.
erkin set Issue type to Bug (incorrect behavior).Aug 31 2021, 5:52 PM