Page MenuHomeVyOS Platform
Create Task
Maniphest T4872

Op-mode show openvpn misses a case when parsing for tunnel IP
Closed, ResolvedPublicBUG
Actions

Description

The parsing of the status file for the tunnel client IP makes some assumptions on the order of the lines containing the peer address; those are false in the case of a subnet configured under the [..., 'server', 'client'] tagnode. This will be fixed in the rewrite in T4770 for Sagitta, and in the original for Equuleus.

Details:

For the config fragment:

>>> conf = Config()
>>> d = conf.get_config_dict(["interfaces", "openvpn", "vtun10", "server"], get_first_key=True)
>>> pprint(d)
{'client': {'client1': {'ip': ['10.10.0.10']}},
 'max-connections': '250',
 'subnet': ['10.10.0.0/24'],
 'topology': 'subnet'}

the status file is as follows:

jestabro@vyos:~$ sudo cat /run/openvpn/vtun10.status
OpenVPN CLIENT LIST
Updated,2022-12-10 21:32:34
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,98.212.152.242:55733,8609,8502,2022-12-10 21:11:12
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.10.0.10,client1,98.212.152.242:55733,2022-12-10 21:11:12
GLOBAL STATS
Max bcast/mcast queue length,0
END

The parsing for tunnel ID correctly find this in lines[1], for the list of lines containing "client1".
However, for config fragment:

>>> conf = Config()
>>> d = conf.get_config_dict(["interfaces", "openvpn", "vtun10", "server"], get_first_key=True)
>>> pprint(d)
{'client': {'client1': {'ip': ['10.10.1.10'], 'subnet': ['10.10.2.0/25']}},
 'max-connections': '250',
 'subnet': ['10.10.1.0/24'],
 'topology': 'subnet'}

the status file is:

jestabro@vyos:~$ sudo cat /run/openvpn/vtun10.status 
OpenVPN CLIENT LIST
Updated,2022-12-10 22:07:36
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,98.212.152.242:50574,5452,5362,2022-12-10 22:01:33
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.10.1.10,client1,98.212.152.242:50574,2022-12-10 22:03:13
10.10.2.0/25,client1,98.212.152.242:50574,2022-12-10 22:01:33
GLOBAL STATS
Max bcast/mcast queue length,0
END

and getting lines[1] will give the incorrect entry. Consequently, we will filter out the subnet lines before looking for the tunnel IP.

Details

Difficulty level
Easy (less than an hour)
Version
vyos-1.4, vyos-1.3.2
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

jestabro triaged this task as Normal priority.Dec 9 2022, 9:22 PM
jestabro created this task.
jestabro created this object in space S1 VyOS Public.
jestabro changed Version from vyos-1.4, vyos-1.3.3 to vyos-1.4, vyos-1.3.2.
jestabro added a parent task: T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command.
pasik added a subscriber: pasik.Dec 9 2022, 10:00 PM
jestabro added a comment.Dec 9 2022, 10:46 PM

PR:
https://github.com/vyos/vyos-1x/pull/1703

jestabro updated the task description. (Show Details)Dec 10 2022, 9:43 PM
jestabro updated the task description. (Show Details)Dec 10 2022, 10:08 PM
jestabro changed the task status from Open to Backport pending.Dec 10 2022, 11:13 PM
jestabro moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
jestabro mentioned this in T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command.Mar 7 2023, 8:01 PM

Backport PR:
https://github.com/vyos/vyos-1x/pull/1874

jestabro moved this task from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.Mar 7 2023, 8:02 PM
jestabro closed this task as Resolved.Mar 8 2023, 3:16 PM
jestabro moved this task from Backport Candidates to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
dmbaturin mentioned this in 1.3.3.May 19 2023, 1:04 PM