Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migration: error during OpenVPN tunnel migration due to missing 'topology' key #889

Closed
gsanchietti opened this issue Nov 7, 2024 · 2 comments
Closed

Migration: error during OpenVPN tunnel migration due to missing 'topology' key #889

gsanchietti opened this issue Nov 7, 2024 · 2 comments
Labels
verified All test cases were verified successfully
Milestone
NethSecurity 8.4

Comments

@gsanchietti
Copy link
Member

Title: Error during OpenVPN tunnel migration due to missing 'topology' key

Steps to reproduce

  • Attempt to import OpenVPN tunnels using a migration script from an export file.
  • Ensure the export file contains a disabled tunnel without an associated file in /etc/openvpn.

Expected behavior

  • The migration should complete without errors, either by skipping problematic tunnels or by handling missing keys more gracefully.

Actual behavior

  • The migration script terminates with a KeyError: 'topology' when processing disabled OpenVPN tunnel servers.
  • Log output includes: 
    Creating OpenVPN tunnel server fornitore
Traceback (most recent call last):
  File "/usr/share/ns-migration/40openvpn_tunnels", line 94, in <module>
    import_tunnel(u, server, 'server')
  File "/usr/share/ns-migration/40openvpn_tunnels", line 58, in import_tunnel
    if ttype == 'server' and tunnel['topology'] != 'p2p':
                             ~~~~~~^^^^^^^^^^^^
KeyError: 'topology'

Components

  • OpenVPN Migration Script

See also
NethSecurity version: 8-23.05.5-ns.1.3.0

References
@gsanchietti gsanchietti moved this to Ready ⏯ in NethSecurity Nov 7, 2024
@gsanchietti gsanchietti moved this from Ready ⏯ to In progress 🛠 in NethSecurity Nov 7, 2024
@gsanchietti gsanchietti self-assigned this Nov 7, 2024
@gsanchietti gsanchietti mentioned this issue Nov 7, 2024
Merged
gsanchietti added a commit to NethServer/nethserver-firewall-migration that referenced this issue Nov 7, 2024
@gsanchietti
fix(openvpn_tunnel): do not export invalid tunnels (#54)
16b221e 
Skip tunnels that does not have a valid configuration file:
they will produce a bad export that can't be imported.

NethServer/nethsecurity#889
@gsanchietti
Copy link
Member Author

In nethserver-testing:
nethserver-firewall-migration-1.0.2-1.2.g16b221e.ns7.noarch.rpm

Test case

  • Create a VPN tunnel server
  • Disable the tunnel
  • Remove the configuration file from /etc/openvpn
  • Export the migration archive
  • Verify the tunnel is not present inside the export (openvpn_tunnels.json)

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Nov 7, 2024
@gsanchietti gsanchietti added this to the NethSecurity 8.4 milestone Nov 7, 2024
@gsanchietti gsanchietti removed their assignment Nov 13, 2024
@francio87 francio87 self-assigned this Nov 18, 2024
@francio87
Copy link
Member

Confirm, the export file openvpn_tunnels.json no longer contains the tunnel if the config is missing.

[root@ns79 ~]# rpm -q nethserver-firewall-migration
nethserver-firewall-migration-1.0.2-1.5.g1fcf4e1.ns7.noarch
[root@ns79 ~]# db vpn show
srv-test=openvpn-tunnel-server
    Cipher=
    Compression=disabled
    Digest=
    LocalNetworks=192.168.140.0/24,10.69.58.0/24
    Network=10.95.143.0/24
    Port=1200
    Protocol=udp
    PublicAddresses=93.188.101.78
    RemoteNetworks=192.168.88.0/24
    TlsVersionMin=
    Topology=subnet
    status=disabled
[root@ns79 ~]# ls -hal /etc/openvpn/
total 32K
drwxr-xr-x.   5 root   root     161 Nov 18 11:55 .
drwxr-xr-x. 116 root   root    8.0K Nov 13 11:19 ..
drwxr-----    2 srvmgr srvmgr    22 Nov 18 11:55 ccd
drwxr-x---.   2 root   openvpn    6 Mar 17  2022 client
-rw-r--r--    1 root   root    1.3K Nov 18 11:53 host-to-net.conf
-rw-r--r--    1 root   root     248 Nov 18 11:53 host-to-net.pool
-rwxr-xr-x    1 root   root     293 Mar 11  2022 openvpn-shutdown
-rwxr-xr-x    1 root   root     513 Mar 11  2022 openvpn-startup
drwxr-x---.   2 root   openvpn    6 Mar 17  2022 server
-rw-r--r--    1 root   root     995 Nov 18 11:54 srv-test.conf
[root@ns79 ~]# mv /etc/openvpn/srv-test.conf .

Content of openvpn_tunnels.json export file after moving the conf :

{"clients":[],"servers":[]}

@francio87 francio87 removed their assignment Nov 18, 2024
@francio87 francio87 added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Nov 18, 2024
@nethbot nethbot moved this from Testing to Verified in NethSecurity Nov 18, 2024
@github-project-automation github-project-automation bot moved this from Verified to Done ✅ in NethSecurity Nov 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
verified All test cases were verified successfully
Projects
NethSecurity
Archived in project
Milestone
NethSecurity 8.4
Development

No branches or pull requests
2 participants
@gsanchietti @francio87