Question

Hi. I think I've found a bug in R_00.07.02.1 ### EDIT: Also present in 00.07.02.4 ### - identical issue on TRB140 and RUT955. Here's the symptoms, how to replicate the bug, and a (less secure) temporary workaround.

The RutOS appends lines to the "OpenVPN configuration file" (/var/etc/openvpn-*****.conf) such as:

• path to CA certificate
• path to client Certificate
• path to client key
• path to HMAC authentication file

In the case of HMAC, the RutOS script begins the path "tls_crypt" or "tls_auth" depending on option chosen. ### THIS IS THE BUG ###

This causes the RutOS OpenVPN components to crash! The errors are as follows:

daemon.err openvpn(***name***): Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-*****.conf:212: tls_crypt (2.5.3)

...or...

daemon.err openvpn(***name***): Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-*****.conf:212: tls_auth (2.5.3)

I suspect that the "Unrecognized option" is the underscore character ("_"); the OpenVPN documentation clearly requires a hyphen ("-"), so the Teltonika programmers need to change their script to use "tls-crypt" and "tsl-auth" instead. That should solve the problem.

How to replicate

Simply attempt to establish an OpenVPN tunnel with either "tls-auth" or "tls-crypt" and OpenVPN will enter a continuous crash loop.

Temporary workaround

If you feel that you can lower your DoS protection security and set HMAC to "none", then you will not experience the bug...because RutOS will not append the malformed HMAC line to the OpenVPN configuration file.

What I request

Can anyone advise the correct process for me to report this bug to Teltonika?

Thanks everyone,

Virgil

### EDIT: Tourbleshoot log attached ###

Answer 1

Hello,

Thank you for contacting us and reporting the issue.

It would be very helpful if you could complement this by sending me a troubleshoot file in a personal message. Please, replicate the issue, then access router's WebUI, go to System -> Administration > Troubleshoot section and download troubleshoot file from there.

Best regards, 

Comments

Hi. I've waited for a few FW updates, but it seems that Teltonika don't read these forums....if they did then surely they would implement this simply fix, right? I have uploaded FW00.07.02.4 and the bug is still present. To verify the bug here's what I did:

• Logged into SSH and ran the following command to output any OpenVPN errors
  •  # logread -f | grep openvpn 
• Uploaded (via the RUT OS GUI) an OpenVPN config file, along with appropriate certificate, HMAC auth and key, and of course a valid username/password
• Got the following error logged:
  • Wed Aug 10 18:51:11 2022 kern.notice kernel: openvpn configuration has been changed
  • Wed Aug 10 18:51:13 2022 daemon.err openvpn(FixedIP)[15655]: Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-FixedIP.conf:212: tls_crypt (2.5.3)
  • Wed Aug 10 18:51:38 2022 daemon.info procd: Instance openvpn::FixedIP s in a crash loop 6 crashes, 1 seconds since last crash

• I then viewed the OpenVPN config file, to see what Teltonika had appended to the file, using this command:

•  # cat /var/etc/openvpn-FixedIP.conf 
• The Teltonika software had appended the following ("illegal") typo (should be "-" not "_"):
  • tls_crypt /etc/vuci-uploads/cbid.openvpn.....etc...

So, back to my original question: Does anyone know how to officially report this bug to Teltonika?

---

Hello,

The issue has been reported to the RnD. It will be solved with the RUTOS 7.2.6 firmware release.

Thank you for the provided file and a detailed report.

Best regards,