Migration: error during OpenVPN tunnel migration due to missing 'topology' key

[gsanchietti]

Title: Error during OpenVPN tunnel migration due to missing 'topology' key

Steps to reproduce

• Attempt to import OpenVPN tunnels using a migration script from an export file.
• Ensure the export file contains a disabled tunnel without an associated file in /etc/openvpn.

Expected behavior

• The migration should complete without errors, either by skipping problematic tunnels or by handling missing keys more gracefully.

Actual behavior

• The migration script terminates with a KeyError: 'topology' when processing disabled OpenVPN tunnel servers.
• Log output includes:

  Creating OpenVPN tunnel server fornitore
  Traceback (most recent call last):
  File "/usr/share/ns-migration/40openvpn_tunnels", line 94, in <module>
    import_tunnel(u, server, 'server')
  File "/usr/share/ns-migration/40openvpn_tunnels", line 58, in import_tunnel
    if ttype == 'server' and tunnel['topology'] != 'p2p':
                             ~~~~~~^^^^^^^^^^^^
  KeyError: 'topology'

Components

• OpenVPN Migration Script

See also NethSecurity version: 8-23.05.5-ns.1.3.0

References

• Helpdesk Ticket

[gsanchietti]

In nethserver-testing: nethserver-firewall-migration-1.0.2-1.2.g16b221e.ns7.noarch.rpm

Test case

• Create a VPN tunnel server
• Disable the tunnel
• Remove the configuration file from /etc/openvpn
• Export the migration archive
• Verify the tunnel is not present inside the export (openvpn_tunnels.json)

[francio87]

Confirm, the export file openvpn_tunnels.json no longer contains the tunnel if the config is missing.

[root@ns79 ~]# rpm -q nethserver-firewall-migration
nethserver-firewall-migration-1.0.2-1.5.g1fcf4e1.ns7.noarch

[root@ns79 ~]# db vpn show
srv-test=openvpn-tunnel-server
    Cipher=
    Compression=disabled
    Digest=
    LocalNetworks=192.168.140.0/24,10.69.58.0/24
    Network=10.95.143.0/24
    Port=1200
    Protocol=udp
    PublicAddresses=93.188.101.78
    RemoteNetworks=192.168.88.0/24
    TlsVersionMin=
    Topology=subnet
    status=disabled

[root@ns79 ~]# ls -hal /etc/openvpn/
total 32K
drwxr-xr-x.   5 root   root     161 Nov 18 11:55 .
drwxr-xr-x. 116 root   root    8.0K Nov 13 11:19 ..
drwxr-----    2 srvmgr srvmgr    22 Nov 18 11:55 ccd
drwxr-x---.   2 root   openvpn    6 Mar 17  2022 client
-rw-r--r--    1 root   root    1.3K Nov 18 11:53 host-to-net.conf
-rw-r--r--    1 root   root     248 Nov 18 11:53 host-to-net.pool
-rwxr-xr-x    1 root   root     293 Mar 11  2022 openvpn-shutdown
-rwxr-xr-x    1 root   root     513 Mar 11  2022 openvpn-startup
drwxr-x---.   2 root   openvpn    6 Mar 17  2022 server
-rw-r--r--    1 root   root     995 Nov 18 11:54 srv-test.conf

[root@ns79 ~]# mv /etc/openvpn/srv-test.conf .

Content of openvpn_tunnels.json export file after moving the conf :

{"clients":[],"servers":[]}