Page MenuHomeVyOS Platform

VyOS 1.3 Don't set daemon in openvpn-{intf}.conf file
Closed, ResolvedPublicBUG

Description

Small feature request for VyOS 1.3 that now sets all the configuration options in a openvpn-{intf}.conf file.
It also sets daemon openvpn-{intf} in the config file, which makes it harder for debugging if you want to test the configuration manually by running:

sudo openvpn --config /opt/vyatta/etc/openvpn/openvpn-vtun0.conf

If daemon was specified in the config it would run as a daemon immediately and the output is logged to syslog. If it's not defined you will see stdout and stderr which is what you would expect.

I request the following change in /usr/libexec/vyos/conf_mode/interfaces-openvpn.py:

  1. Don't write daemon to openvpn config file by removing it from the Jinja template
  2. Start OpenVPN using openvpn --daemon openvpn-{intf} --config /opt/vyatta/etc/openvpn/openvpn-{intf}.conf eg:
# No matching OpenVPN process running - maybe it got killed or none
# existed - nevertheless, spawn new OpenVPN process
cmd  = 'start-stop-daemon --start --quiet'
cmd += ' --pidfile ' + pidfile
cmd += ' --exec /usr/sbin/openvpn'
# now pass arguments to openvpn binary
cmd += ' --'
cmd += ' --daemon openvpn-' + openvpn['intf']
cmd += ' --config ' + get_config_name(openvpn['intf'])

Details

Version
VyOS 1.3-rolling-202002190654
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

yun edited a custom field.
yun changed Version from - to VyOS 1.3-rolling-202002190654.
syncer triaged this task as Normal priority.
syncer changed the subtype of this task from "Feature Request" to "Bug".

Thanks for the quick fix c-po, I noticed this also needs to be fixed in /usr/libexec/vyos/op_mode/reset_openvpn.py in case someone runs for example:

$ reset openvpn interface vtun0
erkin set Issue type to Bug (incorrect behavior).Aug 31 2021, 5:33 PM