Opened 7 years ago

Last modified 3 years ago

#8198 reopened defect

openvpn 2.1.3 is missing parameter "explicit-exit-notify"

Reported by: openwrt@…
Owned by: jow
Priority: normal
Milestone: Backfire 10.03.1
Component: packages
Version: Trunk
Keywords: openvpn
Cc:

Description

The OpenVPN module within LuCI sets this parameter to "1" in OpenVPN tls-client mode but the openvpn binary doesn't know about it:

$ cat /etc/config/openvpn
[...]
config 'openvpn' 'RoadWarrior'
	option 'nobind' '1'
	option 'float' '1'
	option 'client' '1'
	option 'comp_lzo' '1'
	option 'reneg_sec' '0'
	option 'management' '127.0.0.1 31194'
	option 'explicit_exit_notify' '1'
	option 'dev' 'tun'
	option 'persist_tun' '1'
	option 'persist_key' '1'
	option 'remote_cert_tls' 'server'
	list 'remote' 'openvpn.example.com'
	option 'pkcs12' '/lib/uci/upload/cbid.openvpn.RoadWarrior.pkcs12'
	option 'enable' '1'
	option 'verb' '3'

Due to this problem openvpn fails:

root@OpenWrt:~# logread -f
Nov  8 23:08:42 OpenWrt user.err openvpn(RoadWarrior)[2754]: Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: explicit-exit-notify (2.1.3)
Nov  8 23:08:42 OpenWrt user.warn openvpn(RoadWarrior)[2754]: Use --help for more information.

Change History (4)

comment:1 Changed 7 years ago by jow

  • Owner changed from developers to jow
  • Status changed from new to assigned

comment:2 Changed 6 years ago by attila.lendvai@…

I've just spent about an hour rediscovering this bug on OpenWrt Backfire 10.03.1-RC6.

For the record: the fix is to delete the line with 'explicit_exit_notify' from /etc/config/openvpn.
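
The workaround above can be derived from the log instead of being rediscovered by hand. The following is an added example, not part of the ticket or of OpenWrt: it maps "Unrecognized option" lines like the one in the description back to the UCI option that produced them. The function name `suggest_uci_fix` is hypothetical, the sample log is constructed from the lines in the description, and the script assumes the name in parentheses in the log tag is the UCI section name, as it is for 'RoadWarrior' here.

```shell
#!/bin/sh
# Added example: turn OpenVPN "Unrecognized option" syslog lines written by an
# OpenWrt openvpn instance into the matching "uci delete" command.

# Constructed sample input, modelled on the log lines in the ticket description.
SAMPLE_LOG='Nov  8 23:08:42 OpenWrt user.err openvpn(RoadWarrior)[2754]: Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: explicit-exit-notify (2.1.3)
Nov  8 23:08:42 OpenWrt user.warn openvpn(RoadWarrior)[2754]: Use --help for more information.'

# Reads syslog lines on stdin and prints one "uci delete" line per rejected
# option. Nothing is changed on the system; the output is only a suggestion.
suggest_uci_fix() {
    # Capture the instance name from "openvpn(<name>)[pid]" and the option the
    # binary rejected, which follows the "<source>:<line>:" location field.
    sed -n 's/.*openvpn(\([A-Za-z0-9_]*\))\[[0-9]*]: Options error: Unrecognized option or missing parameter(s) in [^ ]*: \([a-z0-9-]*\) (.*/\1 \2/p' |
    while read -r instance opt; do
        # OpenVPN spells options with hyphens; the UCI config uses underscores.
        printf 'uci delete openvpn.%s.%s\n' \
            "$instance" "$(printf '%s' "$opt" | tr '-' '_')"
    done | sort -u
}

# Demonstration on the constructed sample; on a router use: logread | suggest_uci_fix
printf '%s\n' "$SAMPLE_LOG" | suggest_uci_fix
```

After reviewing the printed command, run it and follow it with `uci commit openvpn` so the change is written to /etc/config/openvpn.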

comment:3 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:4 Changed 3 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

The parameter explicit-exit-notify is still unknown to the OpenVPN binary

root@wl500gd:/etc/init.d# cat /proc/version
Linux version 3.14.29 (thepeople@viasatpilot) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r44150) ) #1 Tue Jan 27 08:32:42 CET 2015

root@wl500gd:/tmp/etc# cat openvpn-sample_client.conf
client
nobind
persist-key
persist-tun
up-restart
auth MD5
auth-user-pass /etc/openvpn/userpass.txt
ca /lib/uci/upload/cbid.openvpn.sample_client.ca
cert /lib/uci/upload/cbid.openvpn.sample_client.cert
cipher AES-256-CBC
comp-lzo yes
dev tun
explicit-exit-notify 2

root@wl500gd:/tmp/etc# openvpn openvpn-sample_client.conf
Options error: Unrecognized option or missing parameter(s) in openvpn-sample_client.conf:13: explicit-exit-notify (2.3.6)
Use --help for more information.
