OpenVPN GUI Problem with spaces in Remote networks field

pete35 · Aug 5, 2017, 2:41 PM

Hi,

when entering remote networks in the config GUI an OPENVPN site to site tunnel, multiple networks
should be separated by commas. If i add additional spaces in front of the commas, pfsense doesnt route any more to this networks,
starting from the space, even they are listed in the routing table. Only the first network is routed.

Sample:

IPv4 Remote network(s) 10.1.30.0/24, 10.1.35.0/24, 10.1.40.0/24 doesnt work. Only 10.1.30.0/24 is routed
IPv4 Remote network(s) 10.1.30.0/24,10.1.35.0/24,10.1.40.0/24 works. All networks are routed.

I think this is a bug.

jimp · Aug 7, 2017, 2:30 PM

I can't reproduce that here, it works with and without spaces.

Which pfSense version are you running? And is that on a client or server?

pete35 · Aug 10, 2017, 11:07 AM

Hi Jimp,

thank you for the fast answer. I rechecked this problem now on 2 Locations. I have it
on

2.4.0-BETA (amd64) built on Sat Jul 29 23:00:29 CDT 2017 FreeBSD 11.0-RELEASE-p11 and
2.4.0-BETA (amd64) built on Thu Aug 03 11:22:59 CDT 2017 FreeBSD 11.0-RELEASE-p11

on two different boxes. I can reproduce it on on client site with two different tunnels.

I know now what to do … just eliminating the spaces.

phil.davis · Aug 13, 2017, 3:40 AM

The code already trims any spaces, and has done that ever since it was first implemented:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/openvpn.inc#L1988

I double-checked - put spaces in and saved - the conf in /var/etc/openvpn ends up exactly the same.

So I don't see how it can break???

pete35 · Aug 13, 2017, 2:58 PM

Yes, you are right.

But actually removing the spaces from this field solved my routing issues.

Thank you!

jimp · Aug 14, 2017, 3:15 PM

I checked again as well. Client and server. Both write out the same config and have the same (correct) routing table entries with and without spaces. Something else must have changed there to affect it.

pete35 · Jun 22, 2018, 8:26 AM

I had this problem again today with version 2.4.2 .

I had a single route in this field (remote networks) "192.168.1.0/24 " and nothing else, note the space after the /24. The route was in the routing table and so on, but it doesnt work. Then i deleted the space and everything works as expected.

The code at https://github.com/pfsense/pfsense/blob/master/src/etc/inc/openvpn.inc#L1988 trims something,
but is this function called correctly and is the subnetmask trimmed too? Maybe openvpn can´t work with the space?

Is there a chance to check this again?

jimp · Jun 22, 2018, 12:39 PM

@pete35 said in OpenVPN GUI Problem with spaces in Remote networks field:

The route was in the routing table and so on, but it doesnt work.

If the route was correct in the routing table, there isn't anything else OpenVPN would have needed to do for it. Maybe the restart of the VPN helped more than removing the space?

The routes are definitely trimmed before they are put into the OpenVPN configuration. See https://github.com/pfsense/pfsense/blob/master/src/etc/inc/openvpn.inc#L2035 for a better example.