Opened 4 years ago
Closed 4 years ago
#1263 closed Feature Wish (worksforme)
Invalid base address in "server" line causes openvpn to fail to start. Should be avoidable
| Reported by: | nickh | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
If you have a server line on you OpenVPN server configuration file like
server 10.8.10.1 255.255.255.0, OpenVPN will fail to start giving:
[root@server ~]# systemctl status openvpn@clients-tcp -l ● openvpn@clients-tcp.service - OpenVPN Robust And Highly Flexible Tunneling Application On clients/tcp Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2020-03-25 12:32:18 GMT; 10min ago Process: 29990 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE) Main PID: 29990 (code=exited, status=1/FAILURE) Mar 25 12:32:18 server.howitts.co.uk openvpn[29990]: Options error: --server directive network/netmask combination is invalid Mar 25 12:32:18 server.howitts.co.uk openvpn[29990]: Use --help for more information. Mar 25 12:32:18 server.howitts.co.uk systemd[1]: openvpn@clients-tcp.service: main process exited, code=exited, status=1/FAILURE Mar 25 12:32:18 server.howitts.co.uk systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On clients/tcp. Mar 25 12:32:18 server.howitts.co.uk systemd[1]: Unit openvpn@clients-tcp.service entered failed state. Mar 25 12:32:18 server.howitts.co.uk systemd[1]: openvpn@clients-tcp.service failed.
Certainly in Linux it would be trivial to calculate the correct base address with ipcalc with something like ipcalc -n 10.8.0.1 255.255.255.0 which gives NETWORK=10.8.0.0.
This could be used to avoid the start up failure
Change History (2)
comment:1 Changed 4 years ago by
comment:2 Changed 4 years ago by
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
| Type: | Bug / Defect → Feature Wish |
I am not going to invest time into this - yes, it's not much work to change this in OpenVPN, but someone needs to do this (code the patch, review it, test it, etc.) - and it's easier to just configure the address correctly.
If a patch comes in (via the openvpn-devel mailing list) we'll look at it.
But even then, it might be more interesting to make the IPv4 code do what the IPv6 code does - if you specify a non-0 host part for ifconfig-pool or server, use that as the base address and shift the pool start accordingly.
OTOH IPv4 is so sparse that it does not make much sense to use less than the full network...
You can change open source software as you see fit.