Project

General

Profile

Bug #11448

Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration

Added by Viktor Gurov about 2 months ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
02/18/2021
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.5.0
Affected Architecture:
Release Notes:
Default

Description

https://openvpn.net/faq/overriding-a-pushed-route-in-the-clients-config-throws-an-error/:
When connecting to server that pushes routes using this:

...
# Pushed routes
push "route 10.1.0.0 255.255.255.0" 

and when the client overrides them in its config:
...
# Options
client
route-nopull
route 10.1.0.0 255.255.255.128
route-metric 50

...
This works but the client’s log have this:
Options error: option 'route' cannot be used in this context

This issue materializes because “route-nopull” option takes away the permission from the client to install server-pushed routes, effectively telling the option parser “no, this option is not valid here”.

The way to configure it correctly is then:

...
# Options
client
route 10.1.0.0 255.255.255.128
route-metric 50
route-nopull

The "route-nopull" option must be placed after the entered "Custom options" to avoid this error

Associated revisions

Revision 969574b6 (diff)
Added by Viktor Gurov about 2 months ago

Put OpenVPN route-nopull option after custom options. Fixes #11448

Revision 97af9f20 (diff)
Added by Viktor Gurov about 1 month ago

Put OpenVPN route-nopull option after custom options. Fixes #11448

(cherry picked from commit 969574b6dbb124e98595ca537c0d176d908707d0)

History

#1 Updated by Jim Pingle about 2 months ago

  • Target version set to CE-Next

#3 Updated by Jim Pingle about 2 months ago

  • Status changed from New to Pull Request Review

#4 Updated by Renato Botelho about 2 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

#5 Updated by Viktor Gurov about 2 months ago

  • % Done changed from 0 to 100

#6 Updated by Jim Pingle about 1 month ago

  • Status changed from Feedback to Waiting on Merge
  • Target version changed from CE-Next to 2.5.1

#7 Updated by Renato Botelho about 1 month ago

  • Status changed from Waiting on Merge to Feedback

Cherry-picked to RELENG_2_5_1

#8 Updated by Pippin MMD about 1 month ago

This can be prevented by implementing https://redmine.pfsense.org/issues/10347

#9 Updated by Jim Pingle about 1 month ago

  • Subject changed from Overriding a pushed “route” with the "route-nopull" option to Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration

Updating subject for release notes.

Also available in: Atom PDF