Opened 6 years ago

Last modified 4 years ago

#11190 new defect

Tunnel interface on OpenVPN client appears to be created too late for configuration commands

Reported by: blortz@…
Owned by: developers
Priority: normal
Milestone: Chaos Calmer 15.05
Component: packages
Version: 10.03.1
Keywords:
Cc:

Description

I am running Backfire 10.03.1 with OpenVPN including Luci's extensions (luci-app-openvpn) on two Soekris net5501 boxes (one as server, one as client). I'm trying to set up a "tun" based VPN instead of the "tap". I've tried to do as much configuration as possible through Luci instead of directly editing the config files, but have resorted to some direct edits.

At this point, I'm trying to keep things fairly simple and haven't tried to push routes from the server to the client or vice versa. The server does an automatic push of the client's IP address and the server's pointopoint address.

I am having problems on the client where it appears that the system tries to execute the /sbin/ifconfig command which defines the address and point-to-point address too soon. The system ignores the ifconfig and the following route command without generating any errors. I've used the logread command to see that OpenVPN has executed those commands, yet ifconfig doesn't even show the tun0 device.

If I wait a few seconds and type the ifconfig and route commands into the shell exactly the way they appeared in the log, they work and the tun0 has an address and I can ping the other side of the tunnel. If I don't execute those commands, then the tunnel seems to exist, but has no address and no routes are created across it.

It appears that other people are having similar problems and I wound up using some of the workarounds as a guide. I wound up creating an "up" script that basically sleeps 10 seconds and re-executes the ifconfig command using the arguments passed to the script. The script is executed immediately after OpenVPN's ifconfig command, but before the route command. The script doesn't have to execute the route command because the tunnel seems to be up at that point and the following commands work.

I am aware of tickets 10518 and 10835, and have applied equivalent patches to the init script. But they seem to be addressing a problem with the push command and quoted arguments; I'm not having that error. In fact, no error is being generated.

There is probably something I'm doing wrong in my configuration that is triggering this bug, but it still seems like a bug to me.

Attachments (5)

Logread-After-Fix.txt (1.9 KB) - added by blortz@… 6 years ago.
System log after fix. If you remove the "if_up.sh" line, the log would be the same as before the fix (i.e. no errors)
OpenVPN-Client (2.0 KB) - added by blortz@… 6 years ago.
Copy of /etc/config/openvpn from client machine
firewall (1.3 KB) - added by blortz@… 6 years ago.
Copy of /etc/config/firewall from client.
network (1.2 KB) - added by blortz@… 6 years ago.
Copy of /etc/config/network from client
if_up.sh (929 bytes) - added by blortz@… 6 years ago.
Copy of /etc/openvpn/if_up.sh (workaround script files)

Change History (7)

Changed 6 years ago by blortz@…

System log after fix. If you remove the "if_up.sh" line, the log would be the same as before the fix (i.e. no errors)

Changed 6 years ago by blortz@…

Copy of /etc/config/openvpn from client machine

Changed 6 years ago by blortz@…

Copy of /etc/config/firewall from client.

Changed 6 years ago by blortz@…

Copy of /etc/config/network from client

Changed 6 years ago by blortz@…

Copy of /etc/openvpn/if_up.sh (workaround script files)

comment:1 Changed 6 years ago by blortz@…

I forgot to mention that the /etc/config/openvpn that I'm using is "Client_Tun".

The output showing the version of OpenVPN is:

OpenVPN 2.1.4 i486-openwrt-linux [SSL] [LZO2] [EPOLL] built on Nov 18 2011

comment:2 Changed 4 years ago by jow

  • Milestone changed from Backfire 10.03.2 to Chaos Calmer (trunk)

Milestone Backfire 10.03.2 deleted
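
An added example, not the attached if_up.sh and not OpenWrt or OpenVPN project code: an "up" script in the spirit of the workaround described in the ticket, but with a bounded poll for the tun device instead of a flat 10 second sleep, and with validation of the server-supplied values before they reach a root command line. It assumes OpenVPN's documented up-script argument order for tun devices and that sysfs is mounted at /sys/class/net; the function names and the SYS_NET, IFCONFIG and WAIT_MAX variables are hypothetical.

```shell
#!/bin/sh
# Added example (not the attached if_up.sh): bounded wait for the tun device.
# OpenVPN calls an "up" script for a tun device as:
#   cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [init|restart]

# Overridable so the logic can be exercised without root or a real tunnel.
SYS_NET="${SYS_NET:-/sys/class/net}"   # assumption: sysfs is mounted here
IFCONFIG="${IFCONFIG:-/sbin/ifconfig}"
WAIT_MAX="${WAIT_MAX:-10}"             # assumed upper bound in seconds

# Return 0 as soon as the device node exists, 1 if it never appears.
wait_for_iface() {
    dev="$1"; limit="$2"; waited=0
    while [ ! -e "$SYS_NET/$dev" ]; do
        [ "$waited" -ge "$limit" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Reject anything that is not a plain interface name, IPv4-style address or
# numeric MTU, since these values are pushed by the server and run as root.
valid_args() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    for ip in "$2" "$3"; do
        case "$ip" in ''|*[!0-9.]*) return 1 ;; esac
    done
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
}

# Returns 2 on bad arguments, 3 if the device never appears, else ifconfig's status.
apply_tun_config() {
    dev="$1"; mtu="$2"; local_ip="$4"; remote_ip="$5"
    valid_args "$dev" "$local_ip" "$remote_ip" "$mtu" || return 2
    wait_for_iface "$dev" "$WAIT_MAX" || return 3
    "$IFCONFIG" "$dev" "$local_ip" pointopoint "$remote_ip" mtu "$mtu"
}

# Run only when invoked with OpenVPN's argument list.
if [ "$#" -ge 5 ]; then
    apply_tun_config "$@"
    rc=$?
    [ "$rc" -eq 0 ] || logger -t openvpn-up "tun setup failed for $1 (rc=$rc)"
    exit "$rc"
fi
```

Unlike the silent failure described in the ticket, a device that never appears produces a non-zero exit and a syslog line that logread will show.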
