Page MenuHomeVyOS Platform

OpenVPN site-to-site incorrect check for IPv6 local and remote address
Closed, ResolvedPublicBUG

Description

OpenVPN site-to-site incorrect check for IPv6 local and remote address

To reproduce

set interfaces openvpn vtun2 mode site-to-site
set interfaces openvpn vtun2 protocol udp
set interfaces openvpn vtun2 persistent-tunnel
set interfaces openvpn vtun2 remote-host dead:beaf::f
set interfaces openvpn vtun2 local-port '1195'
set interfaces openvpn vtun2 remote-port '1195'
set interfaces openvpn vtun2 shared-secret-key-file '/config/auth/openvpn-1.key'
set interfaces openvpn vtun2 local-address 2001:db8::1
set interfaces openvpn vtun2 remote-address 2001:db8::2

Commit:

vyos@r1# commit

"local-address" and "remote-address" cannot be the same

[[interfaces openvpn vtun2]] failed
Commit failed
[edit]
vyos@r1#

Incorrect check https://github.com/vyos/vyos-1x/blob/b9678136eac767ece3d5a5e53f9f2b9c47c7477a/src/conf_mode/interfaces-openvpn.py#L162-L163

Details

Version
VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Viacheslav changed Version from VyOS 1.3.1-S1,VyOS 1.3.2 to VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217.
Viacheslav changed the task status from Open to In progress.Sep 9 2022, 10:30 AM
Viacheslav claimed this task.

The real check without IPv4 local/remote:

vyos@r14# commit
[ interfaces openvpn vtun2 ]

DEBUG: [] == [] or ['2001:db8::2'] == []
Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.