OpenVPN Server config gone after upgrade?

Jim · February 25, 2019, 1:39pm

Hi All,

I upgrade from: 1.2.0-rolling+201901280337 to: 1.2.0-rolling+201902240337. While everything else appears to have been saved and working, the OpenVPN server vtun0 was not carried over. Is this expected? The certificate directory (EasyRSA) is still there…

A note, I also have a vtun1 which is in client mode, this did in fact stay.

KirillK · February 25, 2019, 1:58pm

Hi, Jim
I had that issue when one of params of vtun0 wasn’t configured properly and disappears after reboot of VyOS upgrade with config import error.
Check log in /var/log/vyatta/vyatta-config-loader.log or leave your current vtun0 config here.

Jim · February 25, 2019, 7:03pm

Hello,

Thank you for coming back to me, it’s nice to know I’m not the only one who’s experienced this. I think I may have found the issue.

After following your advise I wasn’t able to find anything of help in the config loader log sadly. However I recreated vtun0 with the same commands I had before. It all works other that IPv6 route push! That’s probably why it failed after the upgrade.

Here’s a snippet of my vtun0 config:

openvpn vtun0 {
        encryption aes256
        mode server
        openvpn-option "tls-auth /config/auth/****/*****.key 0"
        openvpn-option "server-ipv6 2001:8b0:****:f***::/64"
        openvpn-option "--push redirect-gateway"
        openvpn-option "route-ipv6 2001:8b0:****:f***::/64"
        server {
            name-server 1.1.1.1
            subnet 172.16.50.0/24
        }
        tls {
            ca-cert-file /config/auth/*****/pki/ca.crt
            cert-file /config/auth/*****/pki/****/***.crt
            dh-file /config/auth/*****/pki/****.pem
            key-file /config/auth/*****/pki/*******/*****.key
        }
        use-lzo-compression
    }

I wonder if anyone can tell me why this command breaks OpenVPN on VyOS?:
set interfaces openvpn vtun0 openvpn-option "--push route-ipv6 ::/0"
IPv6 works but I’m unable to push the above route to clients.

Any help would be very much appreciated

KirillK · February 27, 2019, 12:01pm

Cannot say much on what causes that, but I can suggest to try if that breaks on any different VyOS version.

Jim · February 27, 2019, 6:25pm

I had time this evening to revert back to: 1.2.0-rolling+201901280337. I’m happy to say that the following now works:
openvpn-option "push route-ipv6 2000::/3"
Not sure if anyone on this forum knows why this broke in later releases. I’ll raise this as a bug on github :-).

Thank you for your help @KirillK !