vyos-1x

T6486: T6379: Rewrite generate openvpn client-config

Open sever-sever opened this issue 1 year ago • 3 comments

Change Summary

This command helps to generate users' .ovpn files. Rewrite generate openvpn client-config to use Config(). It needs to get the default values, as ConfigTreeQuery does not support default values.

  • Fixed "ignores configured protocol type" if TCP is used
  • Fixed lzo, was used even if lzo was not configured
  • Fixed encryption does not parse the dict

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Code style update (formatting, renaming)
  • [ ] Refactoring (no functional changes)
  • [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • [ ] Other (please describe):

Related Task(s)

  • https://vyos.dev/T6486
  • https://vyos.dev/T6379

Related PR(s)

Component(s) name

openvpn

Proposed changes

How to test

Configure OpenVPN in TCP mode:

set interfaces openvpn vtun20 encryption ncp-ciphers 'aes256'
set interfaces openvpn vtun20 hash 'sha512'
set interfaces openvpn vtun20 local-host '203.0.113.1'
set interfaces openvpn vtun20 mode 'server'
set interfaces openvpn vtun20 protocol 'tcp-passive'
set interfaces openvpn vtun20 server subnet '10.0.22.0/24'
set interfaces openvpn vtun20 tls ca-certificate 'openvpn-ca'
set interfaces openvpn vtun20 tls certificate 'openvpn-cert'
set interfaces openvpn vtun20 tls dh-params 'dh'

Before the fix the proto is UDP, but TCP is expected. Generated OpenVPN client config file:

client
nobind
remote None 1194
remote-cert-tls server
proto udp
dev tun
dev-type tun
persist-key
persist-tun
verb 3
comp-lzo no

After the fix the protocol is correct, encryption uses the correct maps, and lzo does not exist:

vyos@vyos# run generate openvpn client-config interface vtun20 ca openvpn-ca certificate openvpn-client

client
nobind
remote 203.0.113.1 1194
remote-cert-tls server
proto tcp-client
dev tun
dev-type tun
persist-key
persist-tun
verb 3

# Encryption options

cipher AES-256-CBC
data-ciphers AES-256-CBC
auth sha512
...

Smoketest result

Checklist:

  • [x] I have read the CONTRIBUTING document
  • [x] I have linked this PR to one or more Phabricator Task(s)
  • [ ] I have run the components SMOKETESTS if applicable
  • [x] My commit headlines contain a valid Task id
  • [ ] My change requires a change to the documentation
  • [ ] I have updated the documentation accordingly

sever-sever Jul 02 '24 05:07
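The before/after profiles in the PR description above can be turned into a regression check. This is an added example, not code from vyos-1x or from the PR author; `parse_ovpn`, `lint_client_config`, the `SERVER` field names and the protocol mapping (limited to the pairs visible on this page) are assumptions.

```python
# Added example, not vyos-1x code. All names below are hypothetical.
# Server protocol -> client "proto"; only the pairs visible on this page.
CLIENT_PROTO = {"udp": "udp", "tcp-passive": "tcp-client"}

def parse_ovpn(text):
    """Return {directive: [args, ...]}, skipping comments and inline <ca>-style blocks."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def lint_client_config(text, server):
    """Return findings where the client profile disagrees with the server settings."""
    d, findings = parse_ovpn(text), []
    want = CLIENT_PROTO.get(server["protocol"])
    proto = d.get("proto", [[]])[0]
    got = proto[0] if proto else None
    if want and got != want:
        findings.append(f"proto {got!r} does not match server protocol {server['protocol']!r}")
    hosts = [a[0] for a in d.get("remote", []) if a]
    if server["local_host"] not in hosts:
        findings.append(f"remote {hosts!r} does not include {server['local_host']!r}")
    if "comp-lzo" in d and not server["use_lzo"]:
        findings.append("comp-lzo emitted although lzo is not configured")
    if server["ncp_ciphers"] and "data-ciphers" not in d:
        findings.append("server sets ncp-ciphers but profile has no data-ciphers")
    return findings

# Server settings and both profiles are taken from the "How to test" section.
SERVER = {"protocol": "tcp-passive", "local_host": "203.0.113.1",
          "use_lzo": False, "ncp_ciphers": ["aes256"]}
BEFORE = ("client\nnobind\nremote None 1194\nremote-cert-tls server\n"
          "proto udp\ndev tun\ndev-type tun\npersist-key\npersist-tun\n"
          "verb 3\ncomp-lzo no\n")
AFTER = ("client\nnobind\nremote 203.0.113.1 1194\nremote-cert-tls server\n"
         "proto tcp-client\ndev tun\ndev-type tun\npersist-key\npersist-tun\n"
         "verb 3\n\n# Encryption options\n\ncipher AES-256-CBC\n"
         "data-ciphers AES-256-CBC\nauth sha512\n")

if __name__ == "__main__":
    for label, profile in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_client_config(profile, SERVER))
```

Run against the two profiles, the pre-fix output produces one finding per defect listed in the change summary plus the `remote None` host, and the post-fix output produces none.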

👍 No issues in PR Title / Commit Title

github-actions[bot] Jul 02 '24 05:07

❌ VyOS CLI smoketests failed!

github-actions[bot] Jul 02 '24 08:07

CI integration 👍 passed!

Details

CI logs

  • 👍 passed CLI Smoketests returned:
  • 👍 passed Config tests returned:
  • 👍 passed RAID1 tests returned:

github-actions[bot] Jul 02 '24 15:07

@MergifyIo backport circinus sagitta

sever-sever Aug 01 '24 12:08

backport circinus sagitta

✅ Backports have been created

mergify[bot] Aug 01 '24 12:08