From 214af997817f1856c8297a33b0b6ac3f7fb628b3 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 26 Sep 2019 21:40:57 +0200
Subject: openvpn: T1691: add artifical abort when waiting on interface
---
 src/conf_mode/interface-openvpn.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src/conf_mode/interface-openvpn.py')
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 57d565749..c91bc3900 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -903,8 +903,19 @@ def apply(openvpn):
 # better late then sorry ... but we can only set interface alias after
 # OpenVPN has been launched and created the interface
+ cnt = 0
 while openvpn['intf'] not in interfaces():
- sleep(0.250) # 250ms
+ # If VPN tunnel can't be established because the peer/server isn't
+ # (temporarily) available, the vtun interface never becomes registered
+ # with the kernel, and the commit would hang if there is no bail out
+ # condition
+ cnt += 1
+ if cnt == 50:
+ break
+
+ # sleep 250ms
+ sleep(0.250)
+
 Interface(openvpn['intf']).set_alias(openvpn['description'])
 return None
-- 
cgit v1.2.3
From 9def20e8d74475a5fe3e4844c13e988e03f4c363 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 26 Sep 2019 21:48:34 +0200
Subject: openvpn: T1691: interface is not always created - take care when setting alias
---
 src/conf_mode/interface-openvpn.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/conf_mode/interface-openvpn.py')
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index c91bc3900..57b07e187 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
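Review bot: In the `@@ -903,8 +903,19 @@` hunk of the T1691 "artifical abort" commit, the bail-out `if cnt == 50: break` is silent, so the commit finishes with no indication that the vtun interface never appeared and the tunnel is not up. I would report the condition where the loop gives up, e.g. `print('WARNING: {} was not created, alias not set'.format(openvpn['intf']))` placed directly before `break`. The literal `50` combined with `sleep(0.250)` encodes a limit of roughly twelve seconds; a named constant or a short comment stating the intended timeout would make that visible to whoever tunes it. `apply()` begins outside the hunk, so how the OpenVPN process is started before this loop is not visible here.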
@@ -916,7 +916,12 @@ def apply(openvpn):
 # sleep 250ms
 sleep(0.250)
- Interface(openvpn['intf']).set_alias(openvpn['description'])
+ try:
+ # we need to catch the exception if the interface is not up due to
+ # reason stated above
+ Interface(openvpn['intf']).set_alias(openvpn['description'])
+ except:
+ pass
 return None
-- 
cgit v1.2.3
From 4d225f60b7e9ad52681124aa63094fb770cc7e07 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 28 Sep 2019 09:45:06 +0200
Subject: OpenVPN: T1512: always enable compat-names option
---
 src/conf_mode/interface-openvpn.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'src/conf_mode/interface-openvpn.py')
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 57b07e187..a988e1ab1 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -225,6 +225,20 @@ auth-retry nointeract
 client-config-dir /opt/vyatta/etc/openvpn/ccd/{{ intf }}
 {% endif %}
+# DEPRECATED This option will be removed in OpenVPN 2.5
+# Until OpenVPN v2.3 the format of the X.509 Subject fields was formatted like this:
+# /C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com In addition the old
+# behaviour was to remap any character other than alphanumeric, underscore ('_'),
+# dash ('-'), dot ('.'), and slash ('/') to underscore ('_'). The X.509 Subject
+# string as returned by the tls_id environmental variable, could additionally
+# contain colon (':') or equal ('='). When using the --compat-names option, this
+# old formatting and remapping will be re-enabled again. This is purely implemented
+# for compatibility reasons when using older plug-ins or scripts which does not
+# handle the new formatting or UTF-8 characters.
+#
+# See https://phabricator.vyos.net/T1512
+compat-names
+
 {% for option in options -%}
 {{ option }}
 {% endfor -%}
-- 
cgit v1.2.3
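Review bot: The bare `except: pass` added around `set_alias` in the `@@ -916,7 +916,12 @@` hunk discards every failure, not only the missing-interface case its comment describes. A missing `openvpn['description']` key, a permission error or an interrupt would all vanish without a trace. Testing the condition directly keeps the intent and lets real errors surface: `if openvpn['intf'] in interfaces():` followed by `Interface(openvpn['intf']).set_alias(openvpn['description'])`. If a handler is preferred, it should name the exception type that `Interface` raises for a non-existent device (not visible on this page) and log it rather than pass. `apply()` begins outside the hunk.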
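Review bot: `compat-names` is written unconditionally into every generated OpenVPN configuration by the `@@ -225,6 +225,20 @@` hunk, although the added comment itself says the option is deprecated and will be removed in OpenVPN 2.5. Once the daemon is upgraded past that release the option will presumably be rejected and tunnels will fail to start, so the line should be opt-in, e.g. `{% if compat_names %}` / `compat-names` / `{% endif %}` (the variable name is illustrative and not defined on this page). The old behaviour also remaps every character outside the listed set to `_`, so two distinct certificate subjects can end up with the same remapped name. Anything that keys on that name, such as the `client-config-dir` files referenced just above or external scripts, should be checked for collisions before the option is enabled globally. A short comment naming the plug-in or script that still needs the old format would show when the option can be dropped.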