Page MenuHomeVyOS Platform
Create Task
Maniphest T5728

Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client
Closed, ResolvedPublicBUG
Actions

Description

hi,
I had some issues with OpenVPN Connect client not working in terms of split tunnel routing which I discussed here;
https://forum.vyos.io/t/openvpn-split-tunnel-routing/12656/9

The issue was that the file; /run/openvpn/vtun0.conf that gets generated was generating client routing lines like;

push "route 10.0.10.0 255.255.255.0 10.10.0.1 0"

when for compatibility with OpenVPN Connect client (and possibly other OpenVPN clients, it needs to generate lines in the format of

push "route 10.0.10.0 255.255.255.0 vpn_gateway 0"

Without the change OpenVPN Connect Client fails to process the routes at connect time and it results in message such as;

exception parsing IPv4 route: [route] [10.0.10.0] [255.255.255.0] [10.10.0.1][0]: tun_prop_route_error: route destinations other than vpn_gateway or net_gateway are not supported

As discussed in the forum post, the solution is to modify line 82 of /usr/share/vyos/templates/openvpn/server.conf.j2
from;

push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ subnet | first_host_address ~ ' ' ~ route_config.metric if route_config.metric is vyos_defined }}"

to;

push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ 'vpn_gateway' ~ ' ' ~ route_config.metric if route_config.metric is vyos_defined }}"

The proposed change doesn't impact the behavior of OpenVPN Community client or Tunnelblick on the Mac and that works regardless.

thanks.

Details

Difficulty level
Easy (less than an hour)
Version
1.5 Nightly
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

watson.ash created this task.Nov 10 2023, 2:24 AM
pasik added a subscriber: pasik.Nov 10 2023, 9:23 AM
syncer assigned this task to Viacheslav.Nov 11 2023, 6:39 AM
syncer triaged this task as Normal priority.
Viacheslav added a comment.Nov 12 2023, 2:59 PM

PR https://github.com/vyos/vyos-1x/pull/2475

Viacheslav changed the task status from Open to In progress.Nov 12 2023, 3:09 PM
I-n-d-y added a subscriber: I-n-d-y.Nov 12 2023, 3:50 PM
Viacheslav added a comment.EditedNov 14 2023, 4:47 PM

@watson.ash Will be fixed in the next rolling release. Could you check it (after 2023-11-14)
And we can backport it to 1.4 if all works fine.
Thanks.

Viacheslav changed the task status from In progress to Needs testing.Nov 14 2023, 5:15 PM
Viacheslav added a project: VyOS 1.4 Sagitta.
Viacheslav closed this task as Resolved.Nov 15 2023, 8:29 AM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
watson.ash added a comment.Nov 15 2023, 9:22 PM

looks great from my perspective (I've just updated our nodes. Tested on Community Edition client on windows and Connect V3 client on windows and Tunnelblick on Mac all working as expected. (I tested with; 1.5-rolling-202311150738).
nice work!