OpenVPN doesn't accept it's local address

Hi!
I want to connect two sites via OpenVPN site-to-site. The exact same configuration worked on two Ubiquiti EdgeRouter (based on vyatta). Now at siteA remains the EdgeRouter and on siteB there is my VyOS router. I copied the OVPN configuration from the former siteB router where it worked.

But now I get a strange error message.

Shortened config:

interfaces {
ethernet eth0 {
address 172.16.200.10/27
description WAN
duplex auto
speed auto
}
openvpn vtun0 {
local-address 10.255.13.2 {
}
local-host 172.16.200.10
local-port 1197
mode site-to-site
remote-address 10.255.13.1
remote-host 123.123.123.123
remote-port 1197
shared-secret-key-file /config/auth/secret-lowl146
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 172.16.200.1 {
}
}
}
}

Messages from "/var/log/messages

systemd[1]: Starting OpenVPN connection to vtun0…
openvpn-vtun0[2106]: DEPRECATED OPTION: --compat-names, please update your configuration. This will be removed in OpenVPN 2.5.
openvpn-vtun0[2106]: disabling NCP mode (–ncp-disable) because not in P2MP client or server mode
openvpn-vtun0[2106]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
openvpn-vtun0[2106]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
systemd[1]: Started OpenVPN connection to vtun0.
openvpn-vtun0[2106]: WARNING: you are using user/group/chroot/setcon without persist-tun – this may cause restarts to fail
openvpn-vtun0[2106]: Outgoing Static Key Encryption: Cipher ‘BF-CBC’ initialized with 128 bit key
openvpn-vtun0[2106]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
openvpn-vtun0[2106]: Outgoing Static Key Encryption: Using 160 bit message hash ‘SHA1’ for HMAC authentication
openvpn-vtun0[2106]: Incoming Static Key Encryption: Cipher ‘BF-CBC’ initialized with 128 bit key
openvpn-vtun0[2106]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
openvpn-vtun0[2106]: Incoming Static Key Encryption: Using 160 bit message hash ‘SHA1’ for HMAC authentication
openvpn-vtun0[2106]: RESOLVE: Cannot resolve host address: 172.16.200.10:1197 (Address family for hostname not supported)
openvpn-vtun0[2106]: Exiting due to fatal error
systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
systemd[1]: [email protected]: Failed with result ‘exit-code’.

That RESOLVE: Cannot resolve host address: 172.16.200.10:1197 (Address family for hostname not supported) message must be a bug. Because that definitely is the local address and correct port. I tried searching for that message, but all I found is IPv6 things. My whole network does not use IPv6.

This is strange. What’s your image version?

show version
Version: VyOS 1.3-rolling-202004180117
Release Train: equuleus

Built by: [email protected]
Built on: Sat 18 Apr 2020 01:17 UTC
Build UUID: e0f69a99-c999-469e-bb81-02005956d9f1
Build Commit ID: 222dde1eb964e5

@Felix It looks like this has been logged as a bug here.

Keep an eye on that and, when resolved, a new nightly should work for you.