Project

General

Profile

Bug #482

OpenVPN config upgrade problems

Added by Chris Buechler over 9 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
04/05/2010
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.0
Affected Architecture:

Description

There are a number of issues with configs upgraded from 1.2.x -> 2.0:

1. a) All 6 servers were disabled on the upgrade I did. On the original config, the first two were disabled with the rest enabled.
b) Two of the disabled servers were actually running, editing and saving their entries killed them.
2. a) 'dev tunXX' custom option breaks the upgraded config, as it has a 'dev ovpnsX' specified in the config. This will break many 1.2.x installs.
b) and there doesn't appear to be a way to override the hard coded device (so the interface isn't guaranteed to stay the same, so cannot safely be assigned). It will only stay the same as long as no clients or servers are removed above it in the list.
3. Servers with 'local x.x.x.x' custom options break because the config is converted to WAN and specifies 'local $wan_ip'. Ideal fix, find out where that IP is (a CARP VIP, interface IP) and automatically assign the interface as that "local" specification and remove the custom option. Adequate alternative: if 'local x.x.x.x' is specified as a custom option, skip the auto-added custom option.
4. LZO compression is disabled on clients after upgrade, when it was enabled before upgrade

There may be others.

Associated revisions

Revision 8b666514 (diff)
Added by jim-p about 9 years ago

Fix OpenVPN upgrade code for lzo compression. Resolves #280, mentioned also in Ticket #482.

Revision be58c36d (diff)
Added by Jim Pingle about 9 years ago

Allow the user to override OpenVPN interface name in custom options (e.g. dev tap99 or dev tun99) and set related options appropriately. ticket #482 Item 2a/2b.

Revision bd7ca506 (diff)
Added by Jim Pingle about 9 years ago

Revert "Allow the user to override OpenVPN interface name in custom options (e.g. dev tap99 or dev tun99) and set related options appropriately. ticket #482 Item 2a/2b." - Revert for now, may cause more issues than it fixes.

This reverts commit be58c36ded298a1cb7a0eac40cd2edd62908d882.

Revision 8fd0badd (diff)
Added by Ermal Luçi almost 9 years ago

Ticket #482. This solves point 3) which converts the custom 'local IP' directive to the 2.0 format.

History

#1 Updated by Ermal Luçi over 9 years ago

Please send me the config you upgraded for testing.

#2 Updated by Jim Pingle about 9 years ago

I found some problems in the upgrading/handling of the "disable" option for OpenVPN clients/servers. They should properly upgrade now.

#3 Updated by Jim Pingle about 9 years ago

After some tests, it seems the vpnid field of an OpenVPN connection is what is used to create its device name. That vpnid is generated when the instance is created, and does not change when other instances are deleted or added. Are we sure that 2b is really an issue now?

2a will need some work to fix the assignment after conversion but should be doable. We may need to filter the dev line out of custom options to prevent it from breaking other things.

#4 Updated by Ermal Luçi almost 9 years ago

  • Status changed from New to Feedback

Everything specified here should be fixed now.

#5 Updated by Ermal Luçi about 8 years ago

  • Status changed from Feedback to Resolved

I am closing this for now after 9 months.
If issues arise it can be re-opened.

#6 Updated by Ermal Luçi about 8 years ago

  • % Done changed from 0 to 100

Also available in: Atom PDF