Page MenuHomeVyOS Platform
Create Task
Maniphest T4176

VyOS CLI command: show openvpn server/client does not display output
Closed, InvalidPublicBUG
Actions

Description

Hi,

I have the following configuration for my OpenVPN server on VyOS, that I am connecting to via a "Road Warrior" windows PC. Connection successfully works, but when running show openvpn server or show openvpn client per the documentation, no output is coming up.

openvpn-issues.png (83×655 px, 7 KB)

interfaces {
    openvpn vtun0 {
        encryption {
            cipher aes256gcm
        }
        hash sha512
        local-host <WAN_IP>
        local-port 1194
        mode server
        openvpn-option "--dev vtun0"
        openvpn-option "--ifconfig-pool-persist ipp.txt"
        openvpn-option "--keepalive 10 120"
        openvpn-option "--persist-key --persist-tun"
        openvpn-option "--status openvpn-status.log"
        openvpn-option "--verb 9"
        openvpn-option "--mute 10"
        openvpn-option --client-to-client
        persistent-tunnel
        protocol udp
        server {
            max-connections 5
            name-server <DNS_IP>
            push-route <INTERNAL_ROUTE> {
            }
            push-route <INTERNAL_ROUTE> {
            }
            subnet 10.1.12.16/28
            topology subnet
        }
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/server.crt
            dh-file /config/auth/dh.pem
            key-file /config/auth/server.key
        }
        use-lzo-compression
    }
}

Details

Version
VyOS 1.3-beta-202112240442
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

nikeshhajari created this task.Jan 12 2022, 9:04 PM
pasik subscribed.Jan 13 2022, 10:47 AM
zsdc assigned this task to RyVolodya.Feb 3 2022, 11:29 AM
nikeshhajari added a comment.EditedFeb 4 2022, 5:48 AM

Found the problem here - I used a different and simpler version of the configuration above and *show openvpn server* returns an output when a client is connected.

openvpn vtun10 {
    encryption {
        cipher aes256gcm
    }
    hash sha512
    local-host <WAN IP>
    local-port 1194
    mode server
    persistent-tunnel
    protocol udp
    server {
        max-connections 5
        name-server <DNS IP>
        push-route <INTERNAL ROUTE> {
        }
        push-route <INTERNAL ROUTE> {
        }
        subnet 10.1.12.16/28
        topology subnet
    }
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/router.crt
        dh-file /config/auth/dh.pem
        key-file /config/auth/router.key
    }
    use-lzo-compression
}
OpenVPN status on vtun10

Client CN       Remote Host           Local Host            TX bytes    RX bytes   Connected Since
---------       -----------           ----------            --------    --------   ---------------

client01        <IP>:47422   <IP>:1194    21.1 KB     36.3 KB    2022-02-03 20:33:34

Turns out using this config param *openvpn-option "--status openvpn-status.log"* will override the default file name that VyOS pulls from in the /run/openvpn directory (file name vtun<tunnel number>.status) to display the output. This is a non-bug and I will close it.

nikeshhajari closed this task as Invalid.Feb 4 2022, 5:49 AM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Aug 29 2022, 12:15 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.