Page MenuHomeVyOS Platform

show openvpn server occasionally returns IndexError: list index out of range
Closed, DuplicatePublicBUG

Description

Appears to happen when no clients are connected.

adam@gw01:~$ show openvpn server
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 169, in <module>
    data = get_status(args.mode, intf)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 126, in get_status
    client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 62, in get_vpn_tunnel_address
    tunnel_ip = lst[1].split(',')[0]
IndexError: list index out of range
adam@gw01:~$
adam@gw01:~$ show conf com | match openvpn
set interfaces openvpn vtun10 hash 'sha1'
set interfaces openvpn vtun10 keep-alive failure-count '60'
set interfaces openvpn vtun10 keep-alive interval '10'
set interfaces openvpn vtun10 local-host '1.2.3.4'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 openvpn-option '--data-ciphers-fallback BF-CBC'
set interfaces openvpn vtun10 openvpn-option '--data-ciphers AES-128-CBC:AES-128-GCM:AES-256-CBC:AES-256-GCM:BF-CBC'
set interfaces openvpn vtun10 openvpn-option '--comp-lzo yes'
set interfaces openvpn vtun10 openvpn-option '--allow-compression yes'
set interfaces openvpn vtun10 openvpn-option '--push redirect-gateway def1'
set interfaces openvpn vtun10 openvpn-option '--push remote-gateway 10.9.1.1'
set interfaces openvpn vtun10 openvpn-option '--push dhcp-option DNS 8.8.8.8'
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server client-ip-pool start '10.9.1.10'
set interfaces openvpn vtun10 server client-ip-pool stop '10.9.1.99'
set interfaces openvpn vtun10 server domain-name 'vtr.example.com'
set interfaces openvpn vtun10 server max-connections '1000'
set interfaces openvpn vtun10 server name-server '10.8.0.1'
set interfaces openvpn vtun10 server subnet '10.9.1.0/24'
set interfaces openvpn vtun10 server topology 'net30'
set interfaces openvpn vtun10 tls ca-certificate 'ca-1'
set interfaces openvpn vtun10 tls certificate 'srv-1'
set interfaces openvpn vtun10 tls dh-params 'dh-1'
set interfaces openvpn vtun10 use-lzo-compression

Details

Version
VyOS 1.4-rolling-202209220743
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Send steps to reproduce it or “show conf com | match openvpn ”

I can't reproduce it, VyOS 1.4-rolling-202209290218
Config:

vyos@r14:~$ show conf com | match openv
set interfaces openvpn vtun10 hash 'sha1'
set interfaces openvpn vtun10 keep-alive failure-count '60'
set interfaces openvpn vtun10 keep-alive interval '10'
set interfaces openvpn vtun10 local-host '203.0.113.1'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 openvpn-option '--data-ciphers-fallback BF-CBC'
set interfaces openvpn vtun10 openvpn-option '--data-ciphers AES-128-CBC:AES-128-GCM:AES-256-CBC:AES-256-GCM:BF-CBC'
set interfaces openvpn vtun10 openvpn-option '--comp-lzo yes'
set interfaces openvpn vtun10 openvpn-option '--allow-compression yes'
set interfaces openvpn vtun10 openvpn-option '--push redirect-gateway def1'
set interfaces openvpn vtun10 openvpn-option '--push remote-gateway 10.9.1.1'
set interfaces openvpn vtun10 openvpn-option '--push dhcp-option DNS 8.8.8.8'
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server client-ip-pool start '10.9.1.10'
set interfaces openvpn vtun10 server client-ip-pool stop '10.9.1.99'
set interfaces openvpn vtun10 server domain-name 'vtr.example.com'
set interfaces openvpn vtun10 server max-connections '1000'
set interfaces openvpn vtun10 server name-server '10.8.0.1'
set interfaces openvpn vtun10 server subnet '10.9.1.0/24'
set interfaces openvpn vtun10 server topology 'net30'
set interfaces openvpn vtun10 tls ca-certificate 'ca'
set interfaces openvpn vtun10 tls certificate 'cert'
set interfaces openvpn vtun10 tls dh-params 'dh'
set interfaces openvpn vtun10 use-lzo-compression
vyos@r14:~$

Op-mode

vyos@r14:~$ show openvpn server 

OpenVPN status on vtun10

Client CN       Remote Host            Tunnel IP        Local Host            TX bytes    RX bytes   Connected Since
---------       -----------            ---------        ----------            --------    --------   ---------------

vyos.io          192.168.122.1:60927    10.9.1.10        203.0.113.1:1194      4.5 KB      3.1 KB     2022-09-29 12:52:46

vyos@r14:~$

Interestingly enough, I just found this error as well, but showed lines 173, 130, and 66.

I thought this was on the 1.3.4, but show version displayed 1.3.3. Rebooted into 1.3.4, and no such issue. Not sure what the edge case is that's causing this, as I know this command worked previously on the 1.3.3 release as well.

I finally got a chance to dive into this some more.

It appears this issue is caused by there being clients in the CLIENT LIST, but absent from the ROUTING TABLE. This occurs when scanning is done to attempt to connect to the OpenVPN server, but no actual connection is made.

There will need to be some error handling added to the script to safely ignore those clients.

Should be fixed in T5817
Could you re-check?