
vpn l2tp remoteaccess require option broken
Closed, Resolved | Public | BUG

Description

On the latest build, the following feature is broken:

set vpn l2tp remote-access authentication require {value}

Setting this option should adjust the authentication options in the generated file at /run/accel-pppd/l2tp.conf;
however, it looks like the template vpn_l2tp.xml.in and vpn_l2tp.py are broken.

There are references on lines 103 and 111 in vpn_l2tp.py to
if conf.exists(['authentication', 'protocols']):
but as per the template definition I think it should be
if conf.exists(['authentication', 'require']):

Also, the way the code is written it looks like it would always include auth_mschap_v2 with no way to disable it.

Details

Difficulty level
Easy (less than an hour)
Version
1.3 rolling
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)
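
A check for the behaviour reported in the description, as an added example that is not part of the original task and not VyOS code: it reads the [modules] section of a generated l2tp.conf and compares the enabled auth_* modules with the intended `require` values. The value-to-module mapping, the function names and the sample file contents are assumptions constructed for illustration.

```python
# Added example, not VyOS code. The mapping from 'require' values to
# accel-ppp module names is an assumption based on accel-ppp's auth modules.
AUTH_MODULES = {
    "pap": "auth_pap",
    "chap": "auth_chap_md5",
    "mschap": "auth_mschap_v1",
    "mschap-v2": "auth_mschap_v2",
}

def enabled_auth_modules(conf_text):
    """Return the auth_* modules listed in the [modules] section."""
    section, found = None, set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "modules" and line.startswith("auth_"):
            found.add(line)
    return found

def audit(conf_text, require):
    """Compare enabled auth modules with the configured 'require' values."""
    unknown = [v for v in require if v not in AUTH_MODULES]
    if unknown:
        raise ValueError(f"unknown require value(s): {unknown}")
    expected = {AUTH_MODULES[v] for v in require}
    actual = enabled_auth_modules(conf_text)
    return {"unexpected": sorted(actual - expected),   # enabled but not asked for
            "missing": sorted(expected - actual)}      # asked for but not enabled

# Constructed sample of a generated l2tp.conf (not taken from a real router).
SAMPLE_CONF = """\
[modules]
log_syslog
l2tp
auth_mschap_v2   # present although only 'chap' was configured

[l2tp]
verbose=1
"""

if __name__ == "__main__":
    # Intended: set vpn l2tp remote-access authentication require chap
    print(audit(SAMPLE_CONF, ["chap"]))
```

An empty `unexpected` and `missing` list means the generated file matches the configured authentication protocols.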

Event Timeline

c-po triaged this task as High priority.
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

Hi @drac, good catch and nice reverse engineering of our code.

Thank you for reporting this nasty one!

erkin set Issue type to Bug (incorrect behavior). Aug 29 2021, 12:28 PM
erkin removed a subscriber: Active contributors.