Project

General

Profile

Actions

Bug #482

closed

OpenVPN config upgrade problems

Added by Chris Buechler over 11 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
04/05/2010
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

There are a number of issues with configs upgraded from 1.2.x -> 2.0:

1. a) All 6 servers were disabled on the upgrade I did. On the original config, the first two were disabled with the rest enabled.
b) Two of the disabled servers were actually running, editing and saving their entries killed them.
2. a) 'dev tunXX' custom option breaks the upgraded config, as it has a 'dev ovpnsX' specified in the config. This will break many 1.2.x installs.
b) and there doesn't appear to be a way to override the hard coded device (so the interface isn't guaranteed to stay the same, so cannot safely be assigned). It will only stay the same as long as no clients or servers are removed above it in the list.
3. Servers with 'local x.x.x.x' custom options break because the config is converted to WAN and specifies 'local $wan_ip'. Ideal fix, find out where that IP is (a CARP VIP, interface IP) and automatically assign the interface as that "local" specification and remove the custom option. Adequate alternative: if 'local x.x.x.x' is specified as a custom option, skip the auto-added custom option.
4. LZO compression is disabled on clients after upgrade, when it was enabled before upgrade

There may be others.

Actions #1

Updated by Ermal Luçi over 11 years ago

Please send me the config you upgraded for testing.

Actions #2

Updated by Jim Pingle over 11 years ago

I found some problems in the upgrading/handling of the "disable" option for OpenVPN clients/servers. They should properly upgrade now.

Actions #3

Updated by Jim Pingle over 11 years ago

After some tests, it seems the vpnid field of an OpenVPN connection is what is used to create its device name. That vpnid is generated when the instance is created, and does not change when other instances are deleted or added. Are we sure that 2b is really an issue now?

2a will need some work to fix the assignment after conversion but should be doable. We may need to filter the dev line out of custom options to prevent it from breaking other things.

Actions #4

Updated by Ermal Luçi over 11 years ago

  • Status changed from New to Feedback

Everything specified here should be fixed now.

Actions #5

Updated by Ermal Luçi over 10 years ago

  • Status changed from Feedback to Resolved

I am closing this for now after 9 months.
If issues arise it can be re-opened.

Actions #6

Updated by Ermal Luçi over 10 years ago

  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF