10857 questions

12933 answers

20163 comments

25444 members

0 votes
51 views 0 comments
by

Hi. I think I've found a bug in R_00.07.02.1 - identical issue on TRB140 and RUT955. Here's the symptoms, how to replicate the bug, and a (less secure) temporary workaround.

The RutOS appends lines to the "OpenVPN configuration file" (/var/etc/openvpn-*****.conf) such as:

  • path to CA certificate
  • path to client Certificate
  • path to client key
  • path to HMAC authentication file
In the case of HMAC, the RutOS script begins the path "tls_crypt" or "tls_auth" depending on option chosen. ### THIS IS THE BUG ###
This causes the RutOS OpenVPN components to crash! The errors are as follows:
daemon.err openvpn(***name***): Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-*****.conf:212: tls_crypt (2.5.3)
...or...
daemon.err openvpn(***name***): Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-*****.conf:212: tls_auth (2.5.3)
I suspect that the "Unrecognized option" is the underscore character ("_"); the OpenVPN documentation clearly requires a hyphen ("-"), so the Teltonika programmers need to change their script to use "tls-crypt" and "tsl-auth" instead. That should solve the problem.
How to replicate
Simply attempt to establish an OpenVPN tunnel with either "tls-auth" or "tls-crypt" and OpenVPN will enter a continuous crash loop.
Temporary workaround
If you feel that you can lower your DoS protection security and set HMAC to "none", then you will not experience the bug...because RutOS will not append the malformed HMAC line to the OpenVPN configuration file.
What I request
Can anyone advise the correct process for me to report this bug to Teltonika?
Thanks everyone,
Virgil

1 Answer

0 votes
by

Hello,

Thank you for contacting us and reporting the issue.

It would be very helpful if you could complement this by sending me a troubleshoot file in a personal message. Please, replicate the issue, then access router's WebUI, go to System -> Administration > Troubleshoot section and download troubleshoot file from there.

Best regards,