[FS#290] procd strips away double quotes required in OpenVPN configuration file

LEDE Bugs lede-bugs at lists.infradead.org
Fri Nov 18 08:38:35 PST 2016


A new Flyspray task has been opened.  Details are below. 

User who did this - Magnus Kroken (mkrkn) 

Attached to Project - LEDE Project
Summary - procd strips away double quotes required in OpenVPN configuration file
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - I am working on updating the OpenVPN package to 2.4. I have run into this issue, and I'm unsure what the appropriate solution is. 

An OpenVPN server may be configured to push options to a connecting client. In UCI, this is done like so:
list push "route 192.168.10.0 255.255.255.0"
list push "route 192.168.20.0 255.255.255.0"

When /etc/init.d/openvpn parses the UCI configuration to a temporary OpenVPN configuration file, these lines are output as:
push route 192.168.10.0 255.255.255.0
push route 192.168.20.0 255.255.255.0

OpenVPN requires that the arguments to **push** are enclosed in double quotes [1, see --push option]. Until now the above lines have worked, despite this requirement being documented since at least OpenVPN 2.0. OpenVPN 2.4 will not start with unquoted arguments to **push**, erroring with "unrecognized option".

**Known workarounds**
  - Enclose the push arguments in UCI in single and double quotes: list push '"route 192.168.20.0 255.255.255.0"'
  - Same as above, reversed: list push "'route 192.168.20.0 255.255.255.0'"
  - Add an extra pair of escaped double quotes in the UCI configuration: list push "\"route 192.168.20.0 255.255.255.0\""
  
Workarounds 1 and 3 produce a correct OpenVPN configuration. Single quotes (workaround 2) are not in line with the documentation, but do work with OpenVPN 2.4 beta 1.

**Suggestions**

These are the options I see:
  * Fix the parsing so that **list push " ... "** is passed correctly to OpenVPN, either generically or by handling the push option specially (OpenVPN only requires this for **push**)
  * Change LEDE documentation and examples to use workaround 1 or 3 above

[1] https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAH

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=290
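
The first suggestion above (handling **push** specially when writing the temporary configuration file), sketched as an added example that is not part of the original report and not the LEDE init script. The function names emit_option, strip_outer_quotes and escape_dq are hypothetical, and the sample values are constructed from the report's own lines.

```shell
#!/bin/sh
# Added illustration, not /etc/init.d/openvpn: render one UCI list value as
# an OpenVPN config line, always double-quoting the argument of "push".

# Remove one pair of surrounding quotes (double or single) if the user has
# already applied one of the workarounds, so the value is not quoted twice.
strip_outer_quotes() {
	v=$1
	case $v in
		\"*\") v=${v#\"}; v=${v%\"} ;;
		\'*\') v=${v#\'}; v=${v%\'} ;;
	esac
	printf '%s' "$v"
}

# Escape backslashes and double quotes so the value stays a single argument
# inside a double-quoted string in the OpenVPN config file.
escape_dq() {
	printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# emit_option NAME VALUE: print the config line for one option.
emit_option() {
	name=$1
	value=$2
	case $name in
		push)
			value=$(strip_outer_quotes "$value")
			printf 'push "%s"\n' "$(escape_dq "$value")"
			;;
		*)
			# Other options are written as before, unquoted.
			printf '%s %s\n' "$name" "$value"
			;;
	esac
}

# Constructed sample: plain UCI value, workaround 1 and workaround 2
# all produce the same quoted line.
emit_option push 'route 192.168.10.0 255.255.255.0'
emit_option push '"route 192.168.20.0 255.255.255.0"'
emit_option push "'route 192.168.20.0 255.255.255.0'"
```

Existing configurations that already use one of the workarounds keep working with this approach, because the outer quote pair is stripped before the value is re-quoted.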


