Opened 6 years ago
Closed 5 years ago
#1164 closed Bug / Defect (fixed)
Options error: --pull-filter cannot be used with --mode server
Reported by: | tct | Owned by: | Selva Nair |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Windows GUI | Version: | |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: | Selva Nair |
Description
https://forums.openvpn.net/viewtopic.php?f=6&t=27999
The GUI no longer supports --mode server
due to additional --pull-filter
Change History (12)
comment:1 Changed 6 years ago by
Cc: | Selva Nair added |
---|
comment:2 Changed 6 years ago by
cc'ing because I did not receive notification of your comment.
oops ;-)
comment:3 Changed 6 years ago by
I am not proposing this change but it does at least work:
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e34b65b1..99ab9eb0 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2228,10 +2228,14 @@ options_postprocess_verify_ce(const struct options *options, const struct connec { msg(M_USAGE, "--pull cannot be used with --mode server"); } + +/* if (options->pull_filter_list) { msg(M_USAGE, "--pull-filter cannot be used with --mode server"); } +*/ + if (!(proto_is_udp(ce->proto) || ce->proto == PROTO_TCP_SERVER)) { msg(M_USAGE, "--mode server currently only supports "
With this patch applied to git master
- Tested a Linux server by adding
pull-filter ignore "route 192.168."
to the server config. Works as expected. - Tested a Windows server using the GUI. Works as expected. Relevant log:
Mon Mar 18 16:20:45 2019 us=716351 mode = 1 ... Mon Mar 18 16:20:45 2019 us=716351 Pull filters: Mon Mar 18 16:20:45 2019 us=716351 ignore "route-method" ... Mon Mar 18 16:20:45 2019 us=716351 server_network = 10.11.97.0 Mon Mar 18 16:20:45 2019 us=716351 server_netmask = 255.255.255.0 ... Mon Mar 18 16:20:45 2019 us=716351 pull = DISABLED ... Mon Mar 18 16:20:45 2019 us=716351 OpenVPN 2.5_git [git:master/ccb636c75103f11b+] i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 18 2019 Mon Mar 18 16:20:45 2019 us=716351 Windows version 6.1 (Windows 7) 32bit Mon Mar 18 16:20:45 2019 us=716351 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 ... Mon Mar 18 16:20:46 2019 us=435101 interactive service msg_channel=0 ... Mon Mar 18 16:20:56 2019 us=466351 Initialization Sequence Completed ... Mon Mar 18 16:21:22 2019 us=403851 85.210.186.13:3879 [meltdown] Peer Connection Initiated with [AF_INET6]::ffff:85.210.186.13:3879 ... Mon Mar 18 16:21:23 2019 us=591351 meltdown/85.210.186.13:3879 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Mon Mar 18 16:21:23 2019 us=591351 meltdown/85.210.186.13:3879 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
I presumed that pull-filter code is not called by a server because pull is disabled.
comment:4 follow-ups: 5 6 Changed 6 years ago by
Of course that will "fix" it, but its not ideal, obviously. The right fix would be for the GUI to parse the config and not add it for server modes.
I never thought anyone is using the GUI to run a server as that would require the user to remain logged-in. This may be a rare use case.
comment:5 Changed 6 years ago by
Replying to selvanair:
Of course that will "fix" it, but its not ideal, obviously. The right fix would be for the GUI to parse the config and not add it for server modes.
I was simply testing a theory but your proposal to change the GUI is more suitable.
Replying to selvanair:
I never thought anyone is using the GUI to run a server as that would require the user to remain logged-in. This may be a rare use case.
Only two confirmed cases so far -- See the link to the Forum above.
Apparently, starting OpenVPN GUI with admin rights prevented this error .. which does not sound ideal either.
comment:6 Changed 6 years ago by
Replying to selvanair:
The right fix would be for the GUI to parse the config and not add it for server modes.
Are you planning to make this change or not ?
comment:7 Changed 6 years ago by
It would be nice to see additional info in this guide:
https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
which doesn't work due Options error: --pull-filter cannot be used with --mode server
comment:9 follow-up: 10 Changed 5 years ago by
Is it possible that the hard error in openvpn be downgraded to only a warning and continue anyway ?
comment:10 Changed 5 years ago by
Replying to tincantech:
Is it possible that the hard error in openvpn be downgraded to only a warning and continue anyway ?
Sounds good to me. We could change the fatal "Options error: .." to a warning like "Options warning: client-only option --pull-filter ignored in --mode server".
Alternatively, adding a config specific tick-box in the GUI is not hard but not very user-friendly. A proper fix is much more work.
comment:11 Changed 5 years ago by
commit bb1ea491cd16d11b448342e8287beacae619f980 (master)
commit 6a90f36f69e1f41d6c61ab7e566e7e7e0ba7d71a (release/2.4)
Author: Richard Bonhomme <tincanteksup@…>
Date: Thu Oct 24 22:48:32 2019 +0100
Ignore --pull-filter for --mode server
... so I think this ticket can be closed now, right?
comment:12 Changed 5 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
oops