Bug #937
closed
OpenVPN client export utility does not capture IP address of server
0%
Description
Running 3 October amd64 2.0 snapshot on ESXi. Using OpenVPN with the client export utility.
In the "advanced" OpenVPN configuration, I used "local" to set the IP address openvpn will listen on. (There is no drop-down for that under VPN->OpenVPN->Server->[instance].)
When I export the configuration, the config.ovp uses the server address. It does not use the CARP address.
I know that OpenVPN won't silently fail over with CARP, and that clients would have to reconnect in case of failover. But the CARP failover would be good for long-term outages of one firewall or the other.
Thanks,
==ml
Updated by Jim Pingle over 13 years ago
- Status changed from New to Feedback
Can you confirm what snapshot you are running?
I just tried this on a VM on the latest image: I made a CARP VIP, and in my OpenVPN server instances, I have the new CARP VIP available in the drop-down list for selecting the interface. No need for a custom local line. In that list I have WAN, LAN, my VIP, and 'any'.
Updated by Michael Lucas over 13 years ago
Jim,
You are correct. The VIP is there. I created the VPN before I created any CARP interfaces, so I didn't see it. Mea culpa.
I then verified the client export utility issue. Some more detail:
If I click on "Configuration" or "Configuration archive", the downloaded config file includes the correct (CARP) IP address. If I click on "Windows Installer," the config file lists the IP of the master server. (I don't have a Mac, so I don't think I can check the Viscosity bundle.)
Thanks,
==ml
Updated by Michael Lucas over 13 years ago
And I forgot to answer your direct question:
2.0-BETA4 (amd64)
built on Sun Oct 3 18:27:52 UTC 2010
FreeBSD 8.1-RELEASE-p1
Updated by Jim Pingle over 13 years ago
I downloaded and extracted a windows installer bundle and it, too, included the CARP VIP as the remote entry.
Perhaps when you re-ran the installer it didn't overwrite the existing config. Try uninstalling the client, manually deleting the config folder, and then installing.
I just right clicked on the installer and used 7-zip to unpack it and looked in the config folder inside.
Updated by Michael Lucas over 13 years ago
Was not aware of 7-zip, thanks.
I've downloaded a fresh Windows Installer and looked into it with 7-zip. The config file in the new exe has the master IP, not the CARP IP.
Updated by Michael Lucas over 13 years ago
Interesting note here:
If I run the extract from the backup firewall, I get the correct IP in the installer. It's only the master that has the incorrect IP in the installer. Weird...
Updated by Jim Pingle over 13 years ago
It must be something in your OpenVPN instance's config. The code in question looks like this:
$interface = $settings['interface'];
if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) {
$server_host = $settings['ipaddr'];
} else {
if (!$interface)
$interface = "wan";
$server_host = get_interface_ip($interface);
}
So somehow the variable $settings['ipaddr'] is ending up empty for your configuration.
The funny thing is, it's the exact same code for every way to generate that file. As far as I can see, there doesn't seem to be any way in the code that you can get a different reaction from that function based on the export function used. It always reads $settings from the OpenVPN config, so it shouldn't be different at all.
Make sure you clear your browser cache and delete the file from the HDD and download it again. Maybe even use a different browser.
Updated by Michael Lucas over 13 years ago
Different browser, the problem goes away. Aaaagh, browser issue.
Sorry for the noise. Please close this ticket, with extreme prejudice.