Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002682Endian FirewallNetwork related (VPN, uplinks)public2010-02-14 21:002012-07-20 14:00
Reporterfabiana 
Assigned To 
PrioritynormalSeveritytrivialReproducibilityalways
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version2.3 
Target VersionfutureFixed in Version 
Summary0002682: global OpenVPN DCHP Options not pushed when using X509 without having accounts
DescriptionPush domain, Push these nameservers options doesn't work.
Would be nice to also have push "dhcp-option WINS a.b.c.d".

Workaround with adding
push "dhcp-option DNS a.b.c.d"
push "dhcp-option DNS a.b.c.d"
push "dhcp-option WINS a.b.c.d"
push "dhcp-option DOMAIN domain.tld"

to
/etc/openvpn/openvpn.conf.tmpl
Tagspurple
Attached Files

- Relationships
has duplicate 0002187closedpeter-endian push dns and domain missing in openvpn.conf 

-  Notes
(0003785)
luca-endian (developer)
2010-02-15 09:47

Is that happening with windows clients?
(0003786)
fabiana (reporter)
2010-02-15 09:48

Yes. I only have Windows Clients here. Both XP and Windows7.
(0003939)
peter-endian (administrator)
2010-03-05 01:25

these push values are confgurable for each user, therefore you will not find them within the global openvpn config file.

can you please check if you have the correct values in

/var/openvpn/clients/<ACCOUNTNAME>

the template for the user files is /var/openvpn/user.tmpl

WINS is not configurable right now, but DNS and DOMAIN should be pushed
(0003940)
fabiana (reporter)
2010-03-05 07:06

We use only X.509 certificates for OpenVPN, so there are no users on the firewall itself. "Global push options" don't apply in this case?
(0004075)
volker (reporter)
2010-03-20 16:29

Same here, migrating a fw + openvpn server to Endian.

Using X.509 (ca.crt, vpnserver.crt, vpnserver.key) and ended up messing with /etc/openvpn/openvpn.conf.tmpl
(0004080)
peter-endian (administrator)
2010-03-22 17:51
edited on: 2010-03-22 17:53

i understand

well, then it does not set it in the global openvpn configuration.
those values will only be set within the user's configuration.
so those global values really will not be taken in consideration right now with x509 authentication

thank you for bringing this to our attention


you can try to create an account called "DEFAULT", which then will be used as default configuration for those connectinos.
that should work

actually it is asking for a password, but as long as you don't use 2-factor auth it should not be used.

(0007420)
arno_filter (reporter)
2011-09-18 17:41

Hi,

is this bug still existent? I got nearly the same behaviour with the EFW 2.4.1.

Regards Arno

- Issue History
Date Modified Username Field Change
2010-02-14 21:00 fabiana New Issue
2010-02-15 09:47 luca-endian Note Added: 0003785
2010-02-15 09:48 fabiana Note Added: 0003786
2010-03-05 01:25 peter-endian Note Added: 0003939
2010-03-05 01:25 peter-endian Status new => feedback
2010-03-05 07:06 fabiana Note Added: 0003940
2010-03-20 16:29 volker Note Added: 0004075
2010-03-22 17:51 peter-endian Note Added: 0004080
2010-03-22 17:51 peter-endian Status feedback => confirmed
2010-03-22 17:52 peter-endian Note Added: 0004081
2010-03-22 17:53 peter-endian Note Edited: 0004080
2010-03-22 17:53 peter-endian Note Deleted: 0004081
2010-03-22 17:54 peter-endian Target Version => future
2010-09-23 15:20 peter-endian Summary OpenVPN DCHP Options not pushed => global OpenVPN DCHP Options not pushed when using X509 without having accounts
2010-09-23 15:20 peter-endian Relationship added has duplicate 0002187
2011-09-18 17:41 arno_filter Note Added: 0007420
2012-07-20 13:59 luke-endian Note Added: 0007954
2012-07-20 13:59 luke-endian Note Edited: 0007954
2012-07-20 14:00 luke-endian File Added: image001.png
2012-07-20 14:01 luke-endian Note Edited: 0007954
2012-07-20 14:01 luke-endian Tag Attached: purple
2012-07-23 16:55 luke-endian File Deleted: image001.png
2012-07-23 16:55 luke-endian Note Deleted: 0007954

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker