OpenVPN client-ip-pool option is broken
Closed, Resolved | Public | BUG

Description

There are multiple problems with it:

  • There's no space between the pool end and the netmask in the generated config, so it can never work.
  • In addition, the netmask parameter is always generated, even though it's only valid for the tap mode. In the tun mode, it prevents OpenVPN from starting.
  • Last but not least, ifconfig-pool is generated twice: first from the subnet option, without checking whether the user defined it explicitly; second time from the client-ip-pool option defined by the user.

Trying to run OpenVPN with an extra subnet parameter in ifconfig-pool results in this error and terminates the OpenVPN process:

openvpn-vtun0[9645]: Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode

The man page says:

Valid syntax:

                 ifconfig-pool start-IP end-IP [netmask]

              For tun-style tunnels, each client will be given a /30 subnet (for interoperability with Windows clients). For tap-style tunnels, individual addresses will be allocated, and the optional netmask parameter will also be pushed to clients.
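
A check for the three defects listed in the description, run over generated config text. This is an example added here, not VyOS code; the function names, the result labels and the sample configs (including their dev and dev-type lines and addresses) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed samples: addresses are made up, and the "dev"/"dev-type" lines
# are an assumption about what the generated config contains.
MISSING_SPACE = "dev vtun0\ndev-type tap\nifconfig-pool 10.8.0.10 10.8.0.50255.255.255.0\n"
TUN_TWICE = ("dev vtun0\ndev-type tun\n"
             "ifconfig-pool 10.8.0.4 10.8.0.251\n"
             "ifconfig-pool 10.8.0.10 10.8.0.50 255.255.255.0\n")
GOOD_TUN = "dev vtun0\ndev-type tun\nifconfig-pool 10.8.0.10 10.8.0.50\n"
GOOD_TAP = "dev vtun0\ndev-type tap\nifconfig-pool 10.8.0.10 10.8.0.50 255.255.255.0\n"

def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def device_mode(directives):
    """'tun' or 'tap': dev-type wins, otherwise the prefix of the dev name."""
    mode = None
    for words in directives:
        if words[0] == "dev-type" and len(words) > 1:
            return words[1]
        if words[0] == "dev" and len(words) > 1 and words[1][:3] in ("tun", "tap"):
            mode = words[1][:3]
    return mode

def check_ifconfig_pool(config_text):
    """Return the defects found in the ifconfig-pool lines of a config."""
    directives = [line.split() for line in config_text.splitlines()
                  if line.strip() and not line.lstrip().startswith(("#", ";"))]
    mode = device_mode(directives)
    pools = [words[1:] for words in directives if words[0] == "ifconfig-pool"]
    problems = []
    if len(pools) > 1:
        problems.append("duplicate")       # directive emitted more than once
    for args in pools:
        if len(args) not in (2, 3) or not all(_is_ipv4(a) for a in args):
            problems.append("malformed")   # e.g. pool end fused with the netmask
        elif len(args) == 3 and mode != "tap":
            problems.append("netmask-in-tun")  # third parameter is tap-only
    return problems

if __name__ == "__main__":
    for name in ("MISSING_SPACE", "TUN_TWICE", "GOOD_TUN", "GOOD_TAP"):
        print(name, check_ifconfig_pool(globals()[name]))
```
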

Details

Version
1.3.1
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

dmbaturin renamed this task from OpenVPN ifconfig-pool option is broken to OpenVPN client-ip-pool option is broken. May 1 2022, 12:13 PM
dmbaturin claimed this task.
dmbaturin updated the task description.
Viacheslav changed the task status from Open to Needs testing. Aug 30 2023, 11:14 AM
Viacheslav subscribed.

Should be fixed, needs testing.

dmbaturin edited a custom field.