Page MenuHomeVyOS Platform
Create Task
Maniphest T3081

get_config_dict() does not honor whitespaces in the CLI values field
Closed, ResolvedPublicBUG
Actions

Description

Using the following configuration:

set interfaces openvpn vtun0 encryption cipher 'aes256gcm'
set interfaces openvpn vtun0 keep-alive failure-count '3'
set interfaces openvpn vtun0 keep-alive interval '10'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option 'tls-auth /config/auth/openvpn/ta.key 0'
set interfaces openvpn vtun0 server name-server '10.53.53.53'
set interfaces openvpn vtun0 server name-server '10.53.53.54'
set interfaces openvpn vtun0 server push-route '0.0.0.0/0'
set interfaces openvpn vtun0 server subnet '10.7.178.0/24'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn_test_ca.pem'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn_test_server.pem'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn_test_dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn_test_server.key'
set interfaces openvpn vtun0 use-lzo-compression

will render:

{'auth_user_pass_file': '/run/openvpn/vtun0.pw',
 'daemon_group': 'openvpn',
 'daemon_user': 'openvpn',
 'device_type': 'tun',
 'encryption': {'cipher': 'aes256gcm'},
 'ifname': 'vtun0',
 'keep_alive': {'failure_count': '3', 'interval': '10'},
 'mode': 'server',
 'openvpn_option': ['tls-auth', '/config/auth/openvpn/ta.key', '0'],
 'protocol': 'udp',
 'server': {'name_server': ['10.53.53.53', '10.53.53.54'],
            'push_route': ['0.0.0.0/0'],
            'subnet': ['10.7.178.0/24'],
            'topology': 'net30'},
 'tls': {'ca_cert_file': '/config/auth/ovpn_test_ca.pem',
         'cert_file': '/config/auth/ovpn_test_server.pem',
         'dh_file': '/config/auth/ovpn_test_dh.pem',
         'key_file': '/config/auth/ovpn_test_server.key'},
 'use_lzo_compression': {}}

The error can be seen in the openvpn_option key, the value from the CLI is split() into individual list elements. This is wrong. the proper result shoudl be: 'openvpn_option': ['tls-auth /config/auth/openvpn/ta.key 0']. My initial feeling is that this comes from the change that a multi node should always be represented as a list (https://github.com/vyos/vyos-1x/commit/b40c5268).

As defining a CLI node which is non-multi with a value containing whitespaces works: 'description': 'asdf ghje sadf' - interface descriptions are a good example here.

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202011200217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

c-po changed the task status from Open to Confirmed.Nov 22 2020, 9:19 AM
c-po triaged this task as High priority.
c-po created this task.
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)Nov 22 2020, 9:22 AM
c-po added a subtask: T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02.
c-po added a subscriber: kroy.
c-po assigned this task to jestabro.Nov 22 2020, 9:25 AM
c-po updated the task description. (Show Details)
c-po changed the status of subtask T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 from In progress to Needs testing.Nov 22 2020, 9:41 AM
jestabro mentioned this in T3082: multi_to_list must distinguish between values and defaults.Nov 23 2020, 1:31 AM
jestabro added a subtask: T3082: multi_to_list must distinguish between values and defaults.
jestabro closed this task as Resolved.Nov 23 2020, 2:46 AM
jestabro moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.

See subtask T3082 for origin and details of this issue.

jestabro changed the status of subtask T3082: multi_to_list must distinguish between values and defaults from Open to Confirmed.Nov 23 2020, 2:50 AM
pasik added a subscriber: pasik.Nov 23 2020, 8:12 AM
c-po closed subtask T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 as Resolved.Nov 23 2020, 9:19 AM

Fixed, thanks!

[ interfaces openvpn vtun0 ]
{'auth_user_pass_file': '/run/openvpn/vtun0.pw',
 'daemon_group': 'openvpn',
 'daemon_user': 'openvpn',
 'device_type': 'tun',
 'encryption': {'cipher': 'aes256gcm'},
 'ifname': 'vtun0',
 'keep_alive': {'failure_count': '3', 'interval': '10'},
 'mode': 'server',
 'openvpn_option': ['tls-auth /config/auth/ovpn_test_site2site.key 0'],
 'protocol': 'udp',
 'server': {'name_server': ['10.53.53.53', '10.53.53.54'],
            'push_route': ['0.0.0.0/0'],
            'subnet': ['10.7.178.0/24'],
            'topology': 'net30'},
 'tls': {'ca_cert_file': '/config/auth/ovpn_test_ca.pem',
         'cert_file': '/config/auth/ovpn_test_server.pem',
         'dh_file': '/config/auth/ovpn_test_dh.pem',
         'key_file': '/config/auth/ovpn_test_server.key'},
 'use_lzo_compression': {}}
jestabro closed subtask T3082: multi_to_list must distinguish between values and defaults as Resolved.Dec 29 2020, 2:53 PM
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 12:13 PM
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 7:12 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.