Unhandled exception in "show openvpn server"
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	SrividyaA
	Apr 17 2024, 10:17 AM

Description

The traceback error is still received sometimes for the op-command "show openvpn server" if any of the client connection is not established properly.

Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 247, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 230, in show
    openvpn_data = _get_raw_data(mode)
                   ^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 177, in _get_raw_data
    d = _get_interface_status(mode, intf)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 120, in _get_interface_status
    client['tunnel'] = _get_tunnel_address(client['remote_host'],
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 51, in _get_tunnel_address
    tunnel_ip = lst[0].split(',')[0]
                ~~~^^^
IndexError: list index out of range

Previous reference task: https://vyos.dev/T5817
forum article: https://forum.vyos.io/t/openvpn-indexerror-list-index-out-of-range/14222

Details

Version: 1.5-rolling-202404141045
Is it a breaking change?: Perfectly compatible
Issue type: Unspecified (please specify)

Related Objects

Mentioned In: rVYOSONEX63eb47d62eff: Merge pull request #3331 from vyos/mergify/bp/sagitta/pr-3330
rVYOSONEX3976eebd3d10: openvpn: T6245: return 'n/a' if client info not available
rVYOSONEXa43f1c00bdc5: openvpn: T6245: return 'n/a' if client info not available
rVYOSONEX8bb55a50d08b: Merge pull request #3330 from jestabro/show-openvpn-fail
Mentioned Here: T5817: Show openvpn server fails in some cases

Event Timeline

SrividyaA created this task.Apr 17 2024, 10:17 AM

SrividyaA triaged this task as Normal priority.

Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.

pasik subscribed.Apr 17 2024, 4:20 PM

vyos@test1:~$ sudo cat /run/openvpn/vtun20.status
OpenVPN CLIENT LIST
Updated,2024-04-17 16:40:05
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

vyos@test1:~$ sudo cat /run/openvpn/vtun20.conf
### Autogenerated by interfaces_openvpn.py ###
#
# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
# for individual keyword definition
#
#
#

verb 3
dev-type tun
dev vtun20
persist-key
proto udp
multihome
persist-tun
disable-dco

#
# OpenVPN Server mode
#
mode server
tls-server
topology subnet
server-ipv6 2001:db8:abcd:10::/64
server 10.10.2.0 255.255.255.0

keepalive 10 600
management /run/openvpn/openvpn-mgmt-intf unix


# TLS options
ca /run/openvpn/vtun20_ca.pem
cert /run/openvpn/vtun20_cert.pem
key /run/openvpn/vtun20_cert.key
dh /run/openvpn/vtun20_dh.pem


# Encryption options
cipher AES-256-CBC
providers default

auth sha512

dmbaturin added a project: VyOS 1.4 Sagitta (1.4.0-epa3).Apr 18 2024, 2:14 PM

PR:
https://github.com/vyos/vyos-1x/pull/3330

Restricted Repository Identity mentioned this in rVYOSONEX8bb55a50d08b: Merge pull request #3330 from jestabro/show-openvpn-fail.Apr 18 2024, 5:24 PM

jestabro mentioned this in rVYOSONEXa43f1c00bdc5: openvpn: T6245: return 'n/a' if client info not available.Apr 18 2024, 5:24 PM

Restricted Repository Identity mentioned this in rVYOSONEX3976eebd3d10: openvpn: T6245: return 'n/a' if client info not available.Apr 18 2024, 5:25 PM

Restricted Repository Identity mentioned this in rVYOSONEX63eb47d62eff: Merge pull request #3331 from vyos/mergify/bp/sagitta/pr-3330.Apr 18 2024, 5:29 PM

jestabro closed this task as Resolved.Apr 18 2024, 5:30 PM

jestabro moved this task from Open to Finished on the VyOS 1.5 Circinus board.

jestabro moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.

I tested in the latest rolling version and the traceback error is not received anymore and the tunnel ip column shows n/a but with multiple entries.
It still shows the disconnected client and I assume it should not show disconnected clients

OpenVPN status on vtun20

Client CN    Remote Host       Tunnel IP    Local Host    TX bytes    RX bytes    Connected Since
-----------  ----------------  -----------  ------------  ----------  ----------  -------------------
user02       192.0.2.2:44825   10.10.2.3    N/A           9.1 KB      984.0 B     2024-04-24 12:04:27
user1        192.0.2.10:60149  10.10.2.2    N/A           9.7 KB      16.5 KB     2024-04-24 11:55:32
UNDEF        192.0.2.2:55715   n/a          N/A           3.0 KB      1.5 KB      2024-04-24 12:36:40
user02       192.0.2.2:43640   10.10.2.4    N/A           6.8 KB      10.2 KB     2024-04-24 12:04:32

This is my VyOS configuration and the end client is windows(user1) and vyos(user02) which I am disconnecting.

set interfaces openvpn vtun20 encryption cipher 'aes256'
set interfaces openvpn vtun20 hash 'sha512'
set interfaces openvpn vtun20 mode 'server'
set interfaces openvpn vtun20 openvpn-option '--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config'
set interfaces openvpn vtun20 openvpn-option '--push redirect-gateway'
set interfaces openvpn vtun20 openvpn-option '--duplicate-cn'
set interfaces openvpn vtun20 openvpn-option '--persist-key'
set interfaces openvpn vtun20 openvpn-option '--verify-client-cert none'
set interfaces openvpn vtun20 openvpn-option '--username-as-common-name'
set interfaces openvpn vtun20 persistent-tunnel
set interfaces openvpn vtun20 server subnet '10.10.2.0/24'
set interfaces openvpn vtun20 server topology 'subnet'
set interfaces openvpn vtun20 tls ca-certificate 'new-ca'
set interfaces openvpn vtun20 tls certificate 'new-server'
set interfaces openvpn vtun20 tls dh-params 'dh-1'

Reopen to investigate.

dmbaturin renamed this task from Show openvpn server fails sometime to Unhandled exception in "show openvpn server".May 11 2024, 6:55 PM

dmbaturin removed a project: VyOS 1.5 Circinus.

dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

dmbaturin closed this task as Resolved.May 13 2024, 1:34 PM

Unhandled exception in "show openvpn server"Closed, ResolvedPublicBUGActions

Description

Details

Related Objects

Event Timeline

Unhandled exception in "show openvpn server"
Closed, ResolvedPublicBUG
Actions