Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py46
1 files changed, 41 insertions, 5 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 35e7928c2..a988e1ab1 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -13,8 +13,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import os
import re
@@ -31,8 +29,9 @@ from pwd import getpwnam
from subprocess import Popen, PIPE
from time import sleep
-from vyos.config import Config
from vyos import ConfigError
+from vyos.config import Config
+from vyos.ifconfig import Interface
from vyos.validate import is_addr_assigned
user = 'openvpn'
@@ -226,6 +225,20 @@ auth-retry nointeract
client-config-dir /opt/vyatta/etc/openvpn/ccd/{{ intf }}
{% endif %}
+# DEPRECATED This option will be removed in OpenVPN 2.5
+# Until OpenVPN v2.3 the format of the X.509 Subject fields was formatted like this:
+# /C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com In addition the old
+# behaviour was to remap any character other than alphanumeric, underscore ('_'),
+# dash ('-'), dot ('.'), and slash ('/') to underscore ('_'). The X.509 Subject
+# string as returned by the tls_id environmental variable, could additionally
+# contain colon (':') or equal ('='). When using the --compat-names option, this
+# old formatting and remapping will be re-enabled again. This is purely implemented
+# for compatibility reasons when using older plug-ins or scripts which does not
+# handle the new formatting or UTF-8 characters.
+#
+# See https://phabricator.vyos.net/T1512
+compat-names
+
{% for option in options -%}
{{ option }}
{% endfor -%}
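Review bot: `compat-names` is emitted unconditionally at L46 even though the comment directly above it says the option is removed in OpenVPN 2.5, so every tunnel generated from this template will fail to start with an unrecognized-option error as soon as the package is upgraded, and the commit offers no way to turn it off. Gate it on a value from get_config() instead of hard-coding it, e.g. `{% if compat_names -%}` / `compat-names` / `{% endif -%}`, and derive that flag from the installed OpenVPN version or a CLI option. The comment should also say why VyOS wants the legacy remapping here: as far as I can tell it changes the common_name string OpenVPN hands to the client-config-dir lookup (ccd/{{ intf }} just above) and to user scripts, so switching it on or off silently changes which per-client file matches; a line such as `# NOTE: affects the CN string used for ccd/ lookups and scripts` would save the next reader a trip to T1512. The template string this hunk sits in starts before the hunk.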
@@ -580,7 +593,7 @@ def get_config():
# Minimum required TLS version
if conf.exists('tls tls-version-min'):
openvpn['tls_version_min'] = conf.return_value('tls tls-version-min')
-
+
if conf.exists('shared-secret-key-file'):
openvpn['shared_secret_file'] = conf.return_value('shared-secret-key-file')
@@ -736,7 +749,7 @@ def verify(openvpn):
if openvpn['tls_auth']:
if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['tls_auth']):
raise ConfigError('Specified auth-file "{}" is invalid'.format(openvpn['tls_auth']))
-
+
if openvpn['tls_cert']:
if not checkCertHeader('-----BEGIN CERTIFICATE-----', openvpn['tls_cert']):
raise ConfigError('Specified cert-file "{}" is invalid'.format(openvpn['tls_cert']))
@@ -901,6 +914,29 @@ def apply(openvpn):
# execute assembled command
subprocess_cmd(cmd)
+
+ # better late then sorry ... but we can only set interface alias after
+ # OpenVPN has been launched and created the interface
+ cnt = 0
+ while openvpn['intf'] not in interfaces():
+ # If VPN tunnel can't be established because the peer/server isn't
+ # (temporarily) available, the vtun interface never becomes registered
+ # with the kernel, and the commit would hang if there is no bail out
+ # condition
+ cnt += 1
+ if cnt == 50:
+ break
+
+ # sleep 250ms
+ sleep(0.250)
+
+ try:
+ # we need to catch the exception if the interface is not up due to
+ # reason stated above
+ Interface(openvpn['intf']).set_alias(openvpn['description'])
+ except:
+ pass
+
return None
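Review bot: The bare `except: pass` at L91 swallows everything, including KeyboardInterrupt and a KeyError if `openvpn['description']` is ever absent, and it also hides the case the loop explicitly anticipates: when the counter reaches 50 the code still calls set_alias on an interface it just established does not exist, and then reports nothing. Check the result of the wait and skip the alias with a visible warning when the interface never appeared, and narrow the handler to `except Exception as e:` with the error text in the message; a `for ... else` makes the bail-out condition read naturally. Whether the file prints warnings or uses another channel is not visible in this hunk, so adapt the two print calls below to the existing convention; `interfaces()` is also not imported in any visible hunk, presumably it already is above. apply() begins before this hunk.
```python
    # better late then sorry ... but we can only set interface alias after
    # OpenVPN has been launched and created the interface
    for _ in range(50):
        if openvpn['intf'] in interfaces():
            break
        # sleep 250ms
        sleep(0.250)
    else:
        # peer/server unreachable: the interface never registered with the
        # kernel, so there is nothing to alias (and commit must not hang)
        print('Warning: interface "{}" not found, description not set'.format(openvpn['intf']))
        return None

    try:
        Interface(openvpn['intf']).set_alias(openvpn['description'])
    except Exception as e:
        print('Warning: could not set description on "{}": {}'.format(openvpn['intf'], e))

    return None
```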