Hi,
if you have a configuration like
set interfaces openvpn vtun1 encryption cipher 'aes256'
There seems to be a bug in /opt/vyatta/etc/config-migrate/migrate/interfaces/2-to-3 which causes the cipher option to be removed.
I’m starting a VM and configuring it with cloud-init, but at boot the migration seems to run and remove it.
I’m using VyOS 1.3.3.
You can reproduce the problem if you simply run the migration:
/usr/libexec/vyos/run-config-migration.py --force /config/config.boot
Comparing my configs:
$ diff -U3 /config/config.boot.2023-06-15-121659.pre-migration /config/config.boot
...
openvpn vtun1 {
description "Cloud Connector"
encryption {
- cipher aes256
+ cipher ""
}
Cipher gets set to an empty string, which is an invalid configuration.
Checking if cipher is an empty string could work. I’m using this to work around the problem:
--- /opt/vyatta/etc/config-migrate/migrate/interfaces/2-to-3.bak 2021-01-04 15:35:48.000000000 +0000
+++ /opt/vyatta/etc/config-migrate/migrate/interfaces/2-to-3 2023-06-15 12:31:51.254974540 +0000
@@ -31,10 +31,11 @@
if config.exists(['interfaces', 'openvpn', intf, 'encryption']):
# Get cipher used
cipher = config.return_value(['interfaces', 'openvpn', intf, 'encryption'])
- # Delete old syntax
- config.delete(['interfaces', 'openvpn', intf, 'encryption'])
- # Add new syntax to config
- config.set(['interfaces', 'openvpn', intf, 'encryption', 'cipher'], value=cipher)
+ if cipher != "":
+ # Delete old syntax
+ config.delete(['interfaces', 'openvpn', intf, 'encryption'])
+ # Add new syntax to config
+ config.set(['interfaces', 'openvpn', intf, 'encryption', 'cipher'], value=cipher)
try:
with open(file_name, 'w') as f:
f.write(config.to_string())
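Review bot: the `if cipher != "":` guard only skips the rewrite when `return_value()` gives back exactly an empty string, so it depends on how the library reports a node that has children but no value. Testing for the already-migrated node before reading the value, i.e. skipping the interface when `config.exists(['interfaces', 'openvpn', intf, 'encryption', 'cipher'])` is true, states the intent directly; failing that, `if cipher:` would also cover a `None` return. A one-line comment saying the guard keeps the script from rewriting a config that is already in the new syntax would help too, since the existing `# Delete old syntax` and `# Add new syntax to config` comments do not explain why the block is now conditional.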
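The behaviour reported above, reproduced as an added example that is not VyOS code and not part of the original post: the same migration step run against the old and the new `encryption` syntax, with and without a guard. `Tree` is a hypothetical stand-in for the config object, and its `return_value()` returning `""` for a node that only has children is an assumption taken from the diff in the post; the guard used here is an existence check on the `cipher` node rather than the post's string comparison.

```python
# Hypothetical stand-in for the config tree used by the migration script
# (not vyos.configtree). Leaf values are stored under the key None.
class Tree:
    def __init__(self):
        self.root = {}

    def _node(self, path, create=False):
        node = self.root
        for part in path:
            if part not in node:
                if not create:
                    return None
                node[part] = {}
            node = node[part]
        return node

    def exists(self, path):
        return self._node(path) is not None

    def return_value(self, path):
        # Assumption: a node with children but no value yields "".
        return self._node(path).get(None, "")

    def delete(self, path):
        del self._node(path[:-1])[path[-1]]

    def set(self, path, value):
        self._node(path, create=True)[None] = value


def migrate(config, intf, guarded):
    """Move 'encryption <cipher>' to 'encryption cipher <cipher>'."""
    base = ['interfaces', 'openvpn', intf, 'encryption']
    if not config.exists(base):
        return
    if guarded and config.exists(base + ['cipher']):
        return  # already in the new syntax: leave it untouched
    cipher = config.return_value(base)
    config.delete(base)
    config.set(base + ['cipher'], value=cipher)


def run(syntax, guarded, passes=1):
    """Build a constructed one-interface config, migrate it, return the cipher."""
    config = Tree()
    path = ['interfaces', 'openvpn', 'vtun1', 'encryption']
    config.set(path if syntax == 'old' else path + ['cipher'], value='aes256')
    for _ in range(passes):
        migrate(config, 'vtun1', guarded)
    return config.return_value(path + ['cipher'])
```

Running the unguarded step twice on an old-syntax config gives the same empty cipher as running it once on a new-syntax config, which is the case a forced or repeated migration hits.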