
Show openvpn server fails sometime
Open, Normal, Public, BUG

Description

The traceback error is still sometimes received for the op-command "show openvpn server" if any of the client connections is not established properly.

Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 247, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 230, in show
    openvpn_data = _get_raw_data(mode)
                   ^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 177, in _get_raw_data
    d = _get_interface_status(mode, intf)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 120, in _get_interface_status
    client['tunnel'] = _get_tunnel_address(client['remote_host'],
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/openvpn.py", line 51, in _get_tunnel_address
    tunnel_ip = lst[0].split(',')[0]
                ~~~^^^
IndexError: list index out of range

Previous reference task: https://vyos.dev/T5817
Forum article: https://forum.vyos.io/t/openvpn-indexerror-list-index-out-of-range/14222

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202404141045
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

SrividyaA triaged this task as Normal priority. Wed, Apr 17, 10:17 AM
SrividyaA created this task.

Needs the original file with the OpenVPN addresses/statistics that are parsed: /run/openvpn/{interface}.status
Without it, it will be difficult to do anything.

vyos@test1:~$ sudo cat /run/openvpn/vtun20.status
OpenVPN CLIENT LIST
Updated,2024-04-17 16:40:05
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

vyos@test1:~$ sudo cat /run/openvpn/vtun20.conf
### Autogenerated by interfaces_openvpn.py ###
#
# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
# for individual keyword definition
#
#
#

verb 3
dev-type tun
dev vtun20
persist-key
proto udp
multihome
persist-tun
disable-dco

#
# OpenVPN Server mode
#
mode server
tls-server
topology subnet
server-ipv6 2001:db8:abcd:10::/64
server 10.10.2.0 255.255.255.0

keepalive 10 600
management /run/openvpn/openvpn-mgmt-intf unix


# TLS options
ca /run/openvpn/vtun20_ca.pem
cert /run/openvpn/vtun20_cert.pem
key /run/openvpn/vtun20_cert.key
dh /run/openvpn/vtun20_dh.pem


# Encryption options
cipher AES-256-CBC
providers default

auth sha512
jestabro moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
jestabro moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.

I tested in the latest rolling version and the traceback error is not received anymore, and the tunnel IP column shows n/a, but with multiple entries.
It still shows the disconnected client and I assume it should not show disconnected clients.

OpenVPN status on vtun20

Client CN    Remote Host       Tunnel IP    Local Host    TX bytes    RX bytes    Connected Since
-----------  ----------------  -----------  ------------  ----------  ----------  -------------------
user02       192.0.2.2:44825   10.10.2.3    N/A           9.1 KB      984.0 B     2024-04-24 12:04:27
user1        192.0.2.10:60149  10.10.2.2    N/A           9.7 KB      16.5 KB     2024-04-24 11:55:32
UNDEF        192.0.2.2:55715   n/a          N/A           3.0 KB      1.5 KB      2024-04-24 12:36:40
user02       192.0.2.2:43640   10.10.2.4    N/A           6.8 KB      10.2 KB     2024-04-24 12:04:32

This is my VyOS configuration, and the end clients are Windows (user1) and VyOS (user02), which I am disconnecting.

set interfaces openvpn vtun20 encryption cipher 'aes256'
set interfaces openvpn vtun20 hash 'sha512'
set interfaces openvpn vtun20 mode 'server'
set interfaces openvpn vtun20 openvpn-option '--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config'
set interfaces openvpn vtun20 openvpn-option '--push redirect-gateway'
set interfaces openvpn vtun20 openvpn-option '--duplicate-cn'
set interfaces openvpn vtun20 openvpn-option '--persist-key'
set interfaces openvpn vtun20 openvpn-option '--verify-client-cert none'
set interfaces openvpn vtun20 openvpn-option '--username-as-common-name'
set interfaces openvpn vtun20 persistent-tunnel
set interfaces openvpn vtun20 server subnet '10.10.2.0/24'
set interfaces openvpn vtun20 server topology 'subnet'
set interfaces openvpn vtun20 tls ca-certificate 'new-ca'
set interfaces openvpn vtun20 tls certificate 'new-server'
set interfaces openvpn vtun20 tls dh-params 'dh-1'

Reopen to investigate.
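
The failure mode in this task, as an added example (not the code in VyOS's openvpn.py): a parser for the status-file layout shown above that reports a tunnel address of 'n/a' when a client row has no ROUTING TABLE entry, instead of indexing an empty list. The function name, dictionary keys and sample rows are constructed for illustration; routes are keyed by real address because the configuration above sets --duplicate-cn, so the common name is not unique.

```python
# Added example, not VyOS code. Status layout follows the file shown on this page.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,2024-04-24 12:40:05
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
user02,192.0.2.2:44825,984,9318,2024-04-24 12:04:27
user1,192.0.2.10:60149,16896,9933,2024-04-24 11:55:32
UNDEF,192.0.2.2:55715,1536,3072,2024-04-24 12:36:40
user02,192.0.2.2:43640,10445
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.10.2.3,user02,192.0.2.2:44825,2024-04-24 12:40:01
10.10.2.2,user1,192.0.2.10:60149,2024-04-24 12:40:03
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""  # constructed sample: UNDEF has no route, the last client row is truncated

SECTIONS = {'OpenVPN CLIENT LIST': 'clients', 'ROUTING TABLE': 'routes',
            'GLOBAL STATS': 'stats', 'END': None}
HEADERS = ('Updated,', 'Common Name,', 'Virtual Address,')


def parse_status(text):
    """Return one dict per complete client row; tunnel is 'n/a' without a route."""
    section, rows, routes = None, [], {}
    for line in text.splitlines():
        line = line.strip()
        if line in SECTIONS:
            section = SECTIONS[line]
            continue
        if not line or line.startswith(HEADERS):
            continue
        fields = line.split(',')
        if section == 'clients' and len(fields) == 5:
            rows.append(fields)
        elif section == 'routes' and len(fields) == 4:
            # Key on the real address: with duplicate-cn the CN is not unique.
            routes.setdefault(fields[2], []).append(fields[0])
    clients = []
    for cn, remote, rx, tx, since in rows:
        clients.append({
            'name': cn, 'remote': remote,
            'tunnel': routes.get(remote, ['n/a'])[0],
            'rx_bytes': int(rx) if rx.isdigit() else 0,
            'tx_bytes': int(tx) if tx.isdigit() else 0,
            'since': since,
        })
    return clients
```

Rows with the wrong field count are dropped rather than padded, which covers a status file read while OpenVPN is rewriting it.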