Steps to reproduce the issue:
#1 Forgot to mention the device-type as "tap" when configuring the openvpn server in bridge mode:
set interfaces bridge br268 member interface vtun268
set interfaces openvpn vtun268 encryption cipher 'aes128'
set interfaces openvpn vtun268 local-port '2278'
set interfaces openvpn vtun268 mode 'server'
set interfaces openvpn vtun268 server subnet '192.168.1.0/24'
set interfaces openvpn vtun268 tls ca-certificate 'root_ca'
set interfaces openvpn vtun268 tls certificate 'server2'
set interfaces openvpn vtun268 tls dh-params 'dh-pem'
Committing the above configuration gives the error, which is expected.
vyos@vyos# commit
Error: Device does not allow enslaving to a bridge.
[[interfaces openvpn vtun268]] failed
Commit failed
#2 Even after adding the command, receive the commit error.
vyos@vyosb2# set interfaces openvpn vtun268 device-type 'tap'
[edit]
vyos@vyosb2# compare
[interfaces]
+ openvpn vtun268 {
+     device-type "tap"
+     encryption {
+         data-ciphers "aes128"
+     }
+     local-port "2278"
+     mode "server"
+     server {
+         subnet "192.168.1.0/24"
+     }
+     tls {
+         ca-certificate "root-ca"
+         certificate "server101"
+         dh-params "dh-pem"
+     }
+ }
vyos@vyosb2# commit
[ interfaces openvpn vtun268 ]
Error: Device does not allow enslaving to a bridge.
[[interfaces openvpn vtun268]] failed
Commit failed
[edit]
#3 It does not seem to allow modification of the tunnel which was created in the first commit, but it does not exist in the running configuration. Deleting the bridge interface also does not help.
Interface status
vyos@vyosb2# sh int
 bridge br268 {
     member {
         interface vtun268 {
         }
     }
 }
 dummy dum0 {
     address 10.13.0.10/16
 }
 ethernet eth0 {
     address dhcpv6
     address 192.0.2.20/24
     hw-id 50:0b:00:0b:00:00
 }
 ethernet eth1 {
     hw-id 50:0b:00:0b:00:01
 }
 ethernet eth2 {
     hw-id 50:0b:00:0b:00:02
 }
 ethernet eth3 {
     hw-id 50:0b:00:0b:00:03
 }
 loopback lo {
 }

8: br268: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN0
    link/ether ea:4b:b5:3a:e5:1a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e84b:b5ff:fe3a:e51a/64 scope link tentative
       valid_lft forever preferred_lft forever
9: vtun268: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel0
    link/none
Rebooting the device or creating the tunnel interface with a different number fixes the issue.
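A diagnostic sketch for the state shown above, added here as an example and not part of the original report or of VyOS: it parses `ip` link output and flags intended bridge members that already exist in the kernel as layer-3 devices (`link/none`, `POINTOPOINT`), which is how a tun-mode interface appears. The function names are hypothetical, and the reading that vtun268 is a tun-mode leftover from the first commit is an assumption based on the status output in the report.

```python
import re

# Interface status lines as printed in the report above.
SAMPLE = """\
8: br268: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN0
    link/ether ea:4b:b5:3a:e5:1a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e84b:b5ff:fe3a:e51a/64 scope link tentative
       valid_lft forever preferred_lft forever
9: vtun268: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel0
    link/none
"""

HEADER = re.compile(r"^(\d+):\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")
LINK = re.compile(r"^\s+link/(\S+)")


def parse_links(text):
    """Return {ifname: {"flags": set, "link": str or None}} from ip output."""
    links, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(2)
            links[current] = {"flags": set(m.group(3).split(",")), "link": None}
            continue
        m = LINK.match(line)
        if m and current:
            links[current]["link"] = m.group(1)
    return links


def bridge_blockers(text, members):
    """Names in members that exist in the kernel as layer-3 devices."""
    links = parse_links(text)
    blocked = []
    for name in members:
        info = links.get(name)
        if info is None:
            continue  # device not created, so nothing stale is in the way
        # A bridge port needs an Ethernet-style (layer-2) link such as a tap.
        if info["link"] == "none" or "POINTOPOINT" in info["flags"]:
            blocked.append(name)
    return blocked


if __name__ == "__main__":
    for name in bridge_blockers(SAMPLE, ["vtun268"]):
        print(f"{name}: present as a layer-3 device, cannot be a bridge member")
```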