Failed to import configuration

[titov-vv]

Hi, I'm using openvpn3-indicator on Arch Linux. And something strange happened. I installed it successfully, immediately imported a profile and connected. Then I rebooted and profile disappeared (this problem I solved separately with openvpn3 config-import command). But the problem is - I can't import profile via GUI anymore. It raises an exception in on_config_import() with message Failed to import configuration. More detailed exception is: Exception: openvpn3-indicator-config-parser: error: unrecognized arguments: -- --dev tun -- -- --proto udp --remote X.Y.Z.U pppp -- ...
I don't understand why it raises this exception as these are pretty normal parameters and exactly this file was improted successfully right after installation, but it disappered after reboot. And I use this profile for some time already - there should be nothing wrong with it.

[grzegorz-gutowski]

I'm using openvpn3.ConfigParser in a way which used to behave exactly as openvpn2 utility program does. I need to investigate what has changed there. Which version of openvpn3 are you using? Can you please check if you can use your config with openvpn2?

[titov-vv]

I use openvpn3 from AUR, it is marked as 22_dev-3, I'm not sure how it translates into proper openvpn3 version. Let me know if I need to dig deeper and find exact version if this one isn't clear for you. I have openvpn 2.6.11-1 in my system either, but I think I actually never used it... I tried it with openvpn --config <config_file> and it looks ok - connection is established successfully.

The thing that puzzles me - I'm 100% sure that I've imported a profile right after installation (because I've connected and I would remove the package if it wouldn't work). I thought it disappeared due to #8 (but may be because of another reason...). Maybe the story is about access rights?

[grzegorz-gutowski]

Tool openvpn2 is included in openvpn3-linux release. It tries to mimic the behavior of openvpn tool from openvpn 2.6 but using openvpn3 under the hood. You can use it like this:

openvpn2 --config <config_file>

I strongly believe it should fail the same way openvpn3-indicator does. Can you please share more details of your config? Preferably the config file stripped of keys and other private data.

[titov-vv]

Hi @grzegorz-gutowski, Yes, you are ritght, openvpn2 fails exactly the same way. Config file is attached (I replaced remote IP with 1.1.1.1 and removed certificate related data) config.txt (I'm sorry that it is a bit dirty with pre-defined comments but I decided to keep it and don't modify the file much).

[dsommers]

@titov-vv please remove all the comments and try again ... I wonder if the python config parser doesn't like some of the comments.

[grzegorz-gutowski]

OK, first this config includes: --plugin which is not supported. And it seems that ConfigParser fails on old-style ";" comments, which needs to be fixed in ConfigParser.

[grzegorz-gutowski]

@dsommers I guess the line:

cfg.append('--' + opt.split(';')[0])

in ConfigParser could do a sanity check that the part before ; has non-zero length.

[titov-vv]

It appears both of you are right. I removed all comments from the file and now I have:

** WARNING ** Ignoring option: --up /usr/share/openvpn/contrib/pull-resolv-conf/client.up

** ERROR ** /usr/bin/openvpn2: error: unrecognized arguments: --plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so "/usr/share/openvpn/contrib/pull-resolv-conf/client.down tun0"

Initial problem was caused with old-style ; comments indeed. But now it fails on plugin option...

[dsommers]

@titov-vv plugin is not supported, and I'm torn if that should result in a fatal error or be ignored. For some users, it may break the expected behaviour.

In your case, you don't need that nor the up script. OpenVPN 3 Linux does DNS integration out-of-the-box without any external helpers.

[titov-vv]

@dsommers thanks for your feedback. If you take my opionion into accout - it should raise a fatal error about plugin with clear message that it isn't supported. Then user will be warned and will decide what to do with it (otherwise as you said - it may end up in some strange things happening).

As for me - this config is more than 2 years old, I vaguely remember that it didn't work without plugin. Anyway, it is my local issue and I'll re-check it. I think we sorted out what happened and this issue may be closed (if you don't need it for any activity tracking or something...)

Thanks for your support!

[dsommers]

@titov-vv Well, the error you get on plugin does say unrecognized arguments: --plugin

OpenVPN 2.x has about 300+ options(!). The OpenVPN 3 Python module knows about approximately 100 of them. What's been the main principle in this Python parser is to support what is expected to work with the OpenVPN 3 Core library and ignore those options which can be ignored and still get a functional VPN tunnel. And among those roughly 200 there are some which are Windows specific and a lot of them are server related.

Maybe the error message itself could be intercepted (now it's the raw error from the Python argparse.ArgumentParser) better to rewrite the error. But it still needs to be a distinction between invalid and unsupported options, as it would be equally wrong to just blindly rewrite the error when --blabla-invalid-option is attempted and get an Unsupported option error back. Which means it would need to carry a list of about 200 options which is not supported. I find that a bit far too much, to be honest.

Using openvpn3 session-start or importing the configuration file using openvpn3 config-import would normally work, as that uses a C++ based configuration parser which handles and ignores unknown options in a very different way.

The issue with ; as the comment marker is being tracked by this ticket: https://codeberg.org/OpenVPN/openvpn3-linux/issues/11

I'm closing this ticket now, as the issue with the comment marker will be handled in the main project and will not require any changes in openvpn3-indicator.