Page MenuHomeVyOS Platform
Create Task
Maniphest T6522

OpenVPN-options does not pass the quotes anymore
Closed, InvalidPublicBUG
Actions

Description

openvpn-option allows to add if any options are missing in the CLI node. Sometimes option lines in the generated OpenVPN configuration require quotes. This is done previously through a hack using config generator. You can pass quotes using the " statement.

set interfaces openvpn vtun20 openvpn-option ‘push "keepalive 1 10"’

Which will add push "keepalive 1 10" to the generated OpenVPN config file but when tested in 1.4.0 version it is not converting to quotes and receives an error.

Jun 25 12:25:18 openvpn-vtun20[1438609]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: push (2.6.3)
Jun 25 12:25:18 openvpn-vtun20[1438609]: Use --help for more information.
Jun 25 12:25:18 systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Jun 25 12:25:18 systemd[1]: [email protected]: Failed with result 'exit-code'.
Jun 25 12:25:18 systemd[1]: Failed to start [email protected] - OpenVPN connection to vtun20.

Requirement:

set interfaces openvpn vtun20 openvpn-option '--push "keepalive 1 10"'

Reference from openvpn documents:

--push option	
Push a config file option back to the client for remote execution. Note that option must be enclosed in double quotes ("").

Details

Difficulty level
Unknown (require assessment)
Version
1.4.0, 1.5-rolling-202405240020
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

SrividyaA created this task.Jun 27 2024, 12:19 PM
SrividyaA triaged this task as Low priority.
pasik subscribed.Jun 27 2024, 12:41 PM
Viacheslav subscribed.Jun 27 2024, 1:21 PM

Which exectly config it generates?
Based on this code should work https://github.com/vyos/vyos-1x/blob/b3b1d59d86af510c454da446f013b514389f5c7f/src/conf_mode/interfaces_openvpn.py#L683

Viacheslav changed the task status from Open to In progress.Jun 28 2024, 12:19 PM
Viacheslav claimed this task.
Viacheslav closed this task as Invalid.Jun 28 2024, 1:25 PM

The correct pass options without "

set interfaces openvpn vtun20 encryption ncp-ciphers 'aes256'
set interfaces openvpn vtun20 hash 'sha512'
set interfaces openvpn vtun20 mode 'server'
set interfaces openvpn vtun20 openvpn-option 'push keepalive 1 10'
set interfaces openvpn vtun20 server subnet '10.10.2.0/24'
set interfaces openvpn vtun20 server topology 'subnet'
set interfaces openvpn vtun20 tls ca-certificate 'ca'
set interfaces openvpn vtun20 tls certificate 'cert'
set interfaces openvpn vtun20 tls dh-params 'dh'

It should work fine as push args changed internally https://github.com/vyos/vyos-1x/blob/f36271bd2f91aa6cf0bc0176160d3a2abfb9a21f/data/templates/openvpn/service-override.conf.j2#L8-L15

vyos@r4# ps ax | grep openvp
  22183 ?        Ss     0:00 /usr/sbin/openvpn --daemon openvpn-vtun20 --config vtun20.conf --status vtun20.status 30 --writepid vtun20.pid --push keepalive 1 10
  22556 pts/0    S+     0:00 grep openvp
[edit]
vyos@r4# 
[edit]
vyos@r4# 
[edit]
vyos@r4# cat /run/systemd/system/[email protected]/20-override.conf 
[Service]
ExecStart=
ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid  --push "keepalive 1 10"
[edit]
vyos@r4#