WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

Bug? RUTX11: OpenVPN "extra" options are not applied in /var/etc/openvpn-xxxx.conf

0 votes
527 views 0 comments
by

Device: RUTX11
Firmware: Latest (RUTX_R_00.02.01.1_single.bin)
Factory reset: Done

Problem:

When adding custom configuration options in OpenVPN client via web GUI ("extra" fields), they're applied in /etc/config/openvpn:

(Test: option "fast-io")

config webui 'webui'
        option _auth 'tls'

config openvpn 'xxxxx'
        option keepalive '10 120'
        option _name 'xxxxx'
        option nobind '1'
        option persist_key '1'
        option port '1194'
        option persist_tun '1'
        option status '/tmp/openvpn-status_xxxxx.log'
        option verb '5'
        option proto 'udp'
        option type 'client'
        option enable '1'
        option dev 'tap'
        option comp_lzo 'no'
        option cipher 'none'
        option client '1'
        option user 'root'
        option _auth 'pass'
        option remote 'xxx.xxx.xxx.xxx'
        option resolv_retry 'infinite'
        option auth_user_pass '/etc/openvpn/auth_xxxxxip'
        list _extra 'fast-io'
        option auth 'none'
        option _tls_auth '0'
        option ca '/etc/luci-uploads/cbid.openvpn.xxxxx.ca'

... but not in /var/etc/openvpn-xxxxx.conf which the OpenVPN client really uses while connecting to the server:

root@Teltonika-RUTX11:~# cat /var/etc/openvpn-xxxxx.conf
client
nobind
persist-key
persist-tun
auth none
auth-user-pass /etc/openvpn/auth_xxxxx
ca /etc/luci-uploads/cbid.openvpn.xxxxx.ca
cipher none
comp-lzo no
dev tap
keepalive 10 120
port 1194
proto udp
remote xxx.xxx.xxx.xxx
resolv-retry infinite
status /tmp/openvpn-status_xxxxx.log
user root
verb 5

(no "fast-io" around)

The file /var/etc/openvpn/openvpn-xxxxx.conf is generated from /etc/config/openvpn during /etc/init.d/openvpn start

Quick & dirty fix:

On RUT 950 / 955 / 240, everything works fine. So I took a look at /etc/init.d/openvpn on a RUT950 device.
On RUTX11, those lines is missing in /etc/init.d/openvpn (append_extended_params() was taken from RUT950 but modified to match the new output file variable name "/var/etc/openvpn-$s.conf"):

/etc/init.d/openvpn:

append_extended_params() {
        local arg="$1"
        [ -n "$arg" ] && echo "$arg" | sed -e 's/^[ \t]*//' >> "/var/etc/openvpn-$s.conf"
}

// [...]
start_instance() {
        // [...]
        append_bools "$s" $OPENVPN_BOOLS
        append_params "$s" $OPENVPN_PARAMS
        config_list_foreach "$s" "_extra" append_extended_params    // Inserted

        openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
}

After adding those lines to /etc/init.d/openvpn, it works as expected (the "extra" options appeared in /var/etc/openvpn-xxxxx.conf)

It would be nice if we could have a fix for this issue in the future since this workaround is not upgrade/reset-proof - or am I doing it wrong?

Kind regards

Tobi

1 Answer

0 votes
by anonymous
Hello Tobi,

Thank you for information and yours insight, I checked it myself, and relayed everything to our developers. Hopefully it will be fixed in upcoming FW releases.

Best regards,
VidasKac.