Question

In WebUI under /services/vpn/openvpn, on adding a OpenVPN client config named 'tiril', not using config from file, the generated tls-auth option has the arguments order in wrong order, causing the connection to always fail:

From syslog:

Wed Sep 15 10:52:36 2021 daemon.err openvpn(tiril)[21329]: Options error: Unknown key direction '/etc/vuci-uploads/cbid.openvpn.tiril.tls_authta.key' -- must be '0' or '1'

Entry in /var/etc/openvpn-tiril.conf:

tls-auth 1 /etc/vuci-uploads/cbid.openvpn.tiril.tls_authta.key

Entries in /etc/config/openvpn:

    option _tls_auth 'tls-auth'
    option tls_auth '1 /etc/vuci-uploads/cbid.openvpn.tiril.tls_authta.key'
    option auth_key_direction '1'

Is this the right forum for bug reports?

Answer 1

Hello,

This is the correct place to report issues. Thank you for your input and I have already forwarded the information to our developers.

Best regards.

Comments

Also, this seems like a duplicate of https://community.teltonika-networks.com/35086/rutx12-openvpn-client-ignores-tls-auth-key-direction-setting

Answer 2

I confirm this observation - in the openvpn client config file which is automatically created by Teltonika FW version 7.00 the HMAC key direction ("1") comes before the path to the key. This is not correct the order of arguments must be the opposite: first the key path, than the HMAC key direction argument.

A workaround which we applied is:

1) find the configuration file in the file system of your Teltonika router (/etc/vuci-uploads/...) and correct the order of arguments, i.e.

Not correct order of arguments:
tls-auth 1 /etc/vuci-uploads/cbid.openvpn.tiril.tls_authta.key

Corrected order of arguments:
tls-auth /etc/vuci-uploads/cbid.openvpn.tiril.tls_authta.key 1

2) Enter the OpenVPN client configuration via the web server of your Teltonika router, select the option "Use configuration file" and select the file which you corrected in step 1 above.

3) Save and apply