Hi. I think I've found a bug in R_00.07.02.1 ### EDIT: Also present in 00.07.02.4 ### - identical issue on TRB140 and RUT955. Here are the symptoms, how to replicate the bug, and a (less secure) temporary workaround.
The RutOS appends lines to the "OpenVPN configuration file" (/var/etc/openvpn-*****.conf) such as:
- path to CA certificate
- path to client certificate
- path to client key
- path to HMAC authentication file
In the case of HMAC, the RutOS script begins the path "tls_crypt" or "tls_auth" depending on option chosen. ### THIS IS THE BUG ###
This causes the RutOS OpenVPN components to crash! The errors are as follows:
daemon.err openvpn(***name***): Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-*****.conf:212: tls_crypt (2.5.3)
...or...
daemon.err openvpn(***name***): Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn-*****.conf:212: tls_auth (2.5.3)
I suspect that the "Unrecognized option" is the underscore character ("_"); the OpenVPN documentation clearly requires a hyphen ("-"), so the Teltonika programmers need to change their script to use "tls-crypt" and "tls-auth" instead. That should solve the problem.
How to replicate
Simply attempt to establish an OpenVPN tunnel with either "tls-auth" or "tls-crypt" and OpenVPN will enter a continuous crash loop.
Temporary workaround
If you feel that you can lower your DoS protection security and set HMAC to "none", then you will not experience the bug...because RutOS will not append the malformed HMAC line to the OpenVPN configuration file.
What I request
Can anyone advise the correct process for me to report this bug to Teltonika?
Thanks everyone,
Virgil
### EDIT: Troubleshoot log attached ###
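A check for the symptom described in the post above, as an added example that is not part of the original post or Teltonika's code: it scans a generated OpenVPN configuration for the underscore-spelled HMAC directives and prints each hit with the hyphenated name OpenVPN accepts. The function names, the sample configuration and its placeholder paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag underscore-spelled HMAC directives in an OpenVPN config.

# find_bad_hmac FILE
# Prints "LINE: found -> expected" for each hit; returns 1 if any were found.
find_bad_hmac() {
    awk '
        /^[ \t]*<\//  { inline = 0; next }    # closing tag of an inline block, e.g. </ca>
        /^[ \t]*</    { inline = 1; next }    # opening tag of an inline block, e.g. <ca>
        inline        { next }                # key/cert material, not directives
        NF == 0 || $1 ~ /^[#;]/ { next }      # blank lines and comments
        $1 == "tls_auth" || $1 == "tls_crypt" {
            fixed = $1
            sub(/_/, "-", fixed)              # tls_auth -> tls-auth, tls_crypt -> tls-crypt
            printf "%d: %s -> %s\n", NR, $1, fixed
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE
# Constructed sample config reproducing the malformed line from the post.
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
# tls_auth in a comment is ignored
remote vpn.example.com 1194
<ca>
tls_crypt inside an inline block is ignored
</ca>
tls_crypt /path/to/hmac.key
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_bad_hmac "$sample" || echo "underscore-spelled HMAC directive present"
rm -f "$sample"
```
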