Bug #11416
closed
OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
Description
If you enter a host address instead of a network address into the IPv4 Tunnel Network field, the setup will be accepted, but the OpenVPN service will not start.
Status/OpenVpn
Unable to contact daemon
Updated by Jim Pingle over 3 years ago
- Status changed from New to Feedback
- Target version set to CE-Next
By "host address" do you mean a single IP address without a CIDR mask ("x.x.x.x") or an FQDN?
Updated by Danilo Zrenjanin over 3 years ago
A single host address with a CIDR mask. e.g., 10.0.8.1/24.
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to New
OK so you literally meant a host address inside a network, and not the network address.
We could do one of two things here:
- Have input validation reject the input if the address is not the network address for the subnet (harsh)
- Change the host address the user input into the appropriate network address on save (easier for the user, but the change may surprise them)
I'm leaning toward the latter approach, and note under the field that it should be/will be changed to a network address
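The two options listed in the comment above, sketched as an added example. It is not part of this thread and is not pfSense code; check_tunnel_network and its policy parameter are hypothetical names, and the sample inputs are the addresses quoted in this issue.

```python
import ipaddress


def check_tunnel_network(value, policy="normalize"):
    """Validate an IPv4 tunnel network given as address/prefix.

    policy="reject":    refuse input whose address is not the network address.
    policy="normalize": rewrite a host address to its network address.
    Returns (network_cidr, changed); raises ValueError on bad input.
    """
    if policy not in ("reject", "normalize"):
        raise ValueError(f"unknown policy: {policy!r}")

    addr, sep, prefix = value.strip().partition("/")
    if not sep or not prefix.isdigit():
        raise ValueError("expected address/prefix, e.g. 10.0.8.0/24")

    try:
        # IPv4Interface keeps the host address and the derived network.
        iface = ipaddress.IPv4Interface(f"{addr}/{prefix}")
    except ValueError as exc:  # hostnames, bad octets, prefix > 32
        raise ValueError(f"not an IPv4 CIDR: {value!r}") from exc

    network = iface.network
    changed = iface.ip != network.network_address
    if changed and policy == "reject":
        raise ValueError(f"{value} has host bits set; the network is {network}")
    # 'changed' lets the caller tell the user the value was rewritten on save.
    return str(network), changed


if __name__ == "__main__":
    # Inputs taken from this issue, plus one constructed hostname case.
    for sample in ("10.0.8.1/24", "10.6.29.1/24", "10.0.8.0/24", "vpn.example.com/24"):
        for policy in ("normalize", "reject"):
            try:
                print(policy, sample, "->", check_tunnel_network(sample, policy))
            except ValueError as err:
                print(policy, sample, "-> rejected:", err)
```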
Updated by Viktor Gurov almost 3 years ago
openvpn_validate_tunnel_network() implemented in #2668 does not allow entering IP addresses.
I think this issue can be closed
Updated by Jim Pingle almost 3 years ago
I'm not seeing any change in behavior from before here. On a 2.6.0 snapshot I can still enter a host IP address inside the tunnel network (e.g. 10.6.29.1/24) and the GUI accepts it as the tunnel network.
Updated by Danilo Zrenjanin almost 3 years ago
Yes, I can confirm it's not fixed yet.
Tested against:
2.6.0-BETA (amd64) built on Thu Dec 16 06:22:38 UTC 2021 FreeBSD 12.3-STABLE
It still allows entering a host address which breaks the OpenVPN service.
I entered 10.0.8.1/24
[error] Unable to contact daemon Service not running? 0 0 B 0 B
Updated by Viktor Gurov over 2 years ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
- Target version changed from CE-Next to 2.7.0
- Plus Target Version set to 22.05
Updated by Jim Pingle over 2 years ago
- Subject changed from OpenVPN IPv4 Tunnel Network check to OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
Updating subject for release notes.
Updated by Alhusein Zawi over 2 years ago
- File tunnel_network.jpg tunnel_network.jpg added
- Status changed from Feedback to Resolved
Fixed
The host address will be changed to be the network address in IPv4 Tunnel Network.
I entered 10.0.8.1/24 and it was changed to be 10.0.8.0/24 and 10.10.10.1/24 to be 10.10.10.0/24.
openvpn service was up and running
2.7.0.a.20220416.0600
Updated by Jim Pingle over 2 years ago
- Related to Regression #13274: OpenVPN override IPv4 tunnel network field changing value improperly added