OpenVPN with parameter "management"

zeggjk · April 5, 2023, 11:30am

Hi
I am unable to start the openVPN server if I add the following to the configuration file:

option management '127.0.0.1 17562'

In the log I find this:

openvpn(server_turris)[20982]: Options error: Unrecognized option or missing or extra parameter(s) in openvpn-server_turris.conf:11: management (2.5.3)

This parameter can also be inserted into the configuration file via the luci interface, but if it is specified, the OpenVPN server will not start.

hagrid · April 5, 2023, 2:33pm

Probably not compiled with this option.
@mvasilek, what are the compilation options for OpenVPN? How do we get such info?

root@staging-gw-prg:~# openvpn --version
OpenVPN 2.5.3 arm-openwrt-linux-muslgnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1t  7 Feb 2023, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>

vs on my laptop

hagrid@hogwarts:~/$ openvpn --version
OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

mvasilek · April 6, 2023, 12:31pm

OpenWrt compiles openvpn with the --disable-management option by default, this can be seen in packages/Makefile at 0b7b12d7075637d3ce3c4eb22b74b2f6d3054672 · openwrt/packages · GitHub and packages/Config-openssl.in at 0b7b12d7075637d3ce3c4eb22b74b2f6d3054672 · openwrt/packages · GitHub

As for why openvpn --version is not printing compile time defines, it’s because OpenWrt enables the small build option which excludes this: openvpn/options.c at 82e7d5cfd81f03f045ace2bf1d3590b79441ea17 · OpenVPN/openvpn · GitHub packages/Config-openssl.in at 0b7b12d7075637d3ce3c4eb22b74b2f6d3054672 · openwrt/packages · GitHub

zeggjk · April 6, 2023, 1:26pm

Thank you for the information. I now know that no overview of connected devices will be available via the web interface.

system · April 9, 2023, 1:27pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.