Bug #12188
openclient export breaks multi remote configurations
Description
https://forum.netgate.com/topic/165560/1-2-bug-client-export-openvpn-ras-udp-server
Hi,
As stated in the above forum post, I suggest a change in the way the client exporter currently forces "explicit exit notify" on all OVPN RAS UDP configs. We have quite a few customers that run more complex OVPN setups with TCP backup configurations in a single file (second "remote <peer> tcp 443" statement in the same file) that break with the current exporter, as it writes the "exit notify" into the file, which won't work with TCP.
So instead of forcing it via
    if (stristr($settings['protocol'], "udp")) {
        $conf .= "explicit-exit-notify{$nl}";
    }
I'd use an additional toggle like the "legacy format" or "random local port" one
    /* Use a random local port, otherwise two clients will conflict if they run at the same time.
       May not be supported on older clients (Released before May 2010) */
    if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) {
        $conf .= "lport 0{$nl}";
    }
and check for the toggle rather than use it on all UDP style VPN services. That way, we can make the toggle on by default but complex setups can disable it and add their additional lines of config in the textbox and save that without generating problems and having to manually edit several dozens of files now.
Cheers
Jens
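An added example, not part of the original report or the pfSense code: a Python check that flags exported client configs where `explicit-exit-notify` is set globally while a `remote` line uses TCP, the combination described above. The sample configs and hostnames are constructed, and `<connection>` blocks are skipped rather than evaluated.

```python
import re

# Constructed sample: a UDP export with a TCP fallback remote added by hand.
SAMPLE_MULTI_REMOTE = """\
dev tun
client
remote vpn.example.com 1194 udp
remote vpn.example.com 443 tcp
lport 0
explicit-exit-notify
"""

# Constructed sample: plain UDP export, the directive is harmless here.
SAMPLE_UDP_ONLY = "dev tun\nproto udp\nremote vpn.example.com 1194\nexplicit-exit-notify\n"


def directives(text):
    """Yield (line_no, name, args) for top-level directives only."""
    closing = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if closing:  # inside <ca>, <cert>, <connection>, ...: skip the content
            if line == closing:
                closing = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            closing = f"</{m.group(1)}>"
            continue
        name, *args = line.split()
        yield no, name, args


def tcp_remotes_with_exit_notify(text):
    """Return [(line_no, host, port)] for TCP remotes in a config that sets explicit-exit-notify."""
    default_proto, notify, remotes = "udp", False, []  # OpenVPN defaults to UDP
    for no, name, args in directives(text):
        if name == "proto" and args:
            default_proto = args[0]
        elif name == "explicit-exit-notify":
            notify = True
        elif name == "remote" and args:
            port = args[1] if len(args) > 1 else "1194"  # OpenVPN default port
            remotes.append((no, args[0], port, args[2] if len(args) > 2 else None))
    if not notify:
        return []
    return [(no, host, port) for no, host, port, proto in remotes
            if (proto or default_proto).lower().startswith("tcp")]
```

Run `tcp_remotes_with_exit_notify(open(path).read())` over a directory of exported `.ovpn` files to list the ones that need attention.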
Updated by Pippin MMD over 3 years ago
OpenVPN devs were/are aware of this and it is currently being looked at.
Maybe a solution is near :)
Updated by Pippin MMD over 3 years ago
Updated by Kris Phillips about 3 years ago
Based on reviewing the bug report with OpenVPN, there doesn't appear to be anything that needs to be done here. They're adding in a fix for OpenVPN to ignore --explicit-exit-notify if the client is using TCP mode. We will simply need to update the OpenVPN subsystem once this patch is in a release, which should happen on the next major release (assuming it's fixed in upstream first).