Page MenuHomeVyOS Platform
Create Task
Maniphest T4872

Op-mode show openvpn misses a case when parsing for tunnel IP
Closed, ResolvedPublicBUG
Actions

Description

The parsing of the status file for the tunnel client IP makes some assumptions on the order of the lines containing the peer address; those are false in the case of a subnet configured under the [..., 'server', 'client'] tagnode. This will be fixed in the rewrite in T4770 for Sagitta, and in the original for Equuleus.

Details:

For the config fragment:

>>> conf = Config()
>>> d = conf.get_config_dict(["interfaces", "openvpn", "vtun10", "server"], get_first_key=True)
>>> pprint(d)
{'client': {'client1': {'ip': ['10.10.0.10']}},
 'max-connections': '250',
 'subnet': ['10.10.0.0/24'],
 'topology': 'subnet'}

the status file is as follows:

jestabro@vyos:~$ sudo cat /run/openvpn/vtun10.status
OpenVPN CLIENT LIST
Updated,2022-12-10 21:32:34
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,98.212.152.242:55733,8609,8502,2022-12-10 21:11:12
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.10.0.10,client1,98.212.152.242:55733,2022-12-10 21:11:12
GLOBAL STATS
Max bcast/mcast queue length,0
END

The parsing for tunnel ID correctly find this in lines[1], for the list of lines containing "client1".
However, for config fragment:

>>> conf = Config()
>>> d = conf.get_config_dict(["interfaces", "openvpn", "vtun10", "server"], get_first_key=True)
>>> pprint(d)
{'client': {'client1': {'ip': ['10.10.1.10'], 'subnet': ['10.10.2.0/25']}},
 'max-connections': '250',
 'subnet': ['10.10.1.0/24'],
 'topology': 'subnet'}

the status file is:

jestabro@vyos:~$ sudo cat /run/openvpn/vtun10.status 
OpenVPN CLIENT LIST
Updated,2022-12-10 22:07:36
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,98.212.152.242:50574,5452,5362,2022-12-10 22:01:33
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.10.1.10,client1,98.212.152.242:50574,2022-12-10 22:03:13
10.10.2.0/25,client1,98.212.152.242:50574,2022-12-10 22:01:33
GLOBAL STATS
Max bcast/mcast queue length,0
END

and getting lines[1] will give the incorrect entry. Consequently, we will filter out the subnet lines before looking for the tunnel IP.

Details

Version
vyos-1.4, vyos-1.3.2
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

jestabro created this task.Dec 9 2022, 9:22 PM
jestabro triaged this task as Normal priority.
jestabro created this object in space S1 VyOS Public.
jestabro changed Version from vyos-1.4, vyos-1.3.3 to vyos-1.4, vyos-1.3.2.
jestabro added a parent task: T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command.
pasik subscribed.Dec 9 2022, 10:00 PM
jestabro added a comment.Dec 9 2022, 10:46 PM

PR:
https://github.com/vyos/vyos-1x/pull/1703

jestabro updated the task description. (Show Details)Dec 10 2022, 9:43 PM
jestabro updated the task description. (Show Details)Dec 10 2022, 10:08 PM
Restricted Repository Identity mentioned this in rVYOSONEXfb6ceae548ec: Merge pull request #1703 from jestabro/bug-tunnel-ip.Dec 10 2022, 11:12 PM
jestabro mentioned this in rVYOSONEX779f4001a482: openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'.Dec 10 2022, 11:12 PM
jestabro closed this task as Unknown Status.Dec 10 2022, 11:13 PM
jestabro moved this task from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro mentioned this in T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command.Mar 7 2023, 8:01 PM

Backport PR:
https://github.com/vyos/vyos-1x/pull/1874

jestabro moved this task from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.Mar 7 2023, 8:02 PM
jestabro mentioned this in rVYOSONEX337cf8554316: openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'.Mar 8 2023, 5:31 AM
jestabro changed the task status from Unknown Status to Resolved.Mar 8 2023, 3:16 PM
jestabro moved this task from Backport Candidates to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
dmbaturin mentioned this in 1.3.3.May 19 2023, 1:04 PM