Device: RUTX11
Firmware: Latest (RUTX_R_00.02.01.1_single.bin)
Factory reset: Done
Problem:
When adding custom configuration options in OpenVPN client via web GUI ("extra" fields), they're applied in /etc/config/openvpn:
(Test: option "fast-io")
config webui 'webui'
option _auth 'tls'
config openvpn 'xxxxx'
option keepalive '10 120'
option _name 'xxxxx'
option nobind '1'
option persist_key '1'
option port '1194'
option persist_tun '1'
option status '/tmp/openvpn-status_xxxxx.log'
option verb '5'
option proto 'udp'
option type 'client'
option enable '1'
option dev 'tap'
option comp_lzo 'no'
option cipher 'none'
option client '1'
option user 'root'
option _auth 'pass'
option remote 'xxx.xxx.xxx.xxx'
option resolv_retry 'infinite'
option auth_user_pass '/etc/openvpn/auth_xxxxxip'
list _extra 'fast-io'
option auth 'none'
option _tls_auth '0'
option ca '/etc/luci-uploads/cbid.openvpn.xxxxx.ca'
... but not in /var/etc/openvpn-xxxxx.conf which the OpenVPN client really uses while connecting to the server:
root@Teltonika-RUTX11:~# cat /var/etc/openvpn-xxxxx.conf
client
nobind
persist-key
persist-tun
auth none
auth-user-pass /etc/openvpn/auth_xxxxx
ca /etc/luci-uploads/cbid.openvpn.xxxxx.ca
cipher none
comp-lzo no
dev tap
keepalive 10 120
port 1194
proto udp
remote xxx.xxx.xxx.xxx
resolv-retry infinite
status /tmp/openvpn-status_xxxxx.log
user root
verb 5
(no "fast-io" around)
The file /var/etc/openvpn/openvpn-xxxxx.conf is generated from /etc/config/openvpn during /etc/init.d/openvpn start
Quick & dirty fix:
On RUT 950 / 955 / 240, everything works fine. So I took a look at /etc/init.d/openvpn on a RUT950 device.
On RUTX11, those lines is missing in /etc/init.d/openvpn (append_extended_params() was taken from RUT950 but modified to match the new output file variable name "/var/etc/openvpn-$s.conf"):
/etc/init.d/openvpn:
append_extended_params() {
local arg="$1"
[ -n "$arg" ] && echo "$arg" | sed -e 's/^[ \t]*//' >> "/var/etc/openvpn-$s.conf"
}
// [...]
start_instance() {
// [...]
append_bools "$s" $OPENVPN_BOOLS
append_params "$s" $OPENVPN_PARAMS
config_list_foreach "$s" "_extra" append_extended_params // Inserted
openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
}
After adding those lines to /etc/init.d/openvpn, it works as expected (the "extra" options appeared in /var/etc/openvpn-xxxxx.conf)
It would be nice if we could have a fix for this issue in the future since this workaround is not upgrade/reset-proof - or am I doing it wrong?
Kind regards
Tobi