Openvpn is broken in OpenWrt 22.03.3

hi there openvpn is broken in openwrt. 22.03.3

the problem is the path provided by the luci- app
if on command line I provide this:

openvpn  --config /etc/opnvpn/portmap.ovpn

i will get this as an error

root@OpenWrt:/etc/openvpn# openvpn  --config /etc/opnvpn/portmap.ovpn
Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/opnvpn/portmap.ovpn
Use --help for more information.

and why openvpn - luci will not work

BUT if you provide

openvpn --config  portmap.ovpn

it will run

root@OpenWrt:/etc/openvpn# openvpn  --config portmap.ovpn
2023-03-11 02:17:08 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2023-03-11 02:17:08 DEPRECATED OPTION: --cipher set to 'bf-cbc' but missing in --data-ciphers (AES-256-GCM:AES-256-CBC:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'bf-cbc' to --data-ciphers or change --cipher 'bf-cbc' to --data-ciphers-fallback 'bf-cbc' to silence this warning.
2023-03-11 02:17:08 OpenVPN 2.5.7 x86_64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-03-11 02:17:08 library versions: OpenSSL 1.1.1s  1 Nov 2022, LZO 2.10
2023-03-11 02:17:08 WARNING: INSECURE cipher (bf-cbc) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-11 02:17:08 TCP/UDP: Preserving recently used remote address: [AF_INET]193.161.193.99:1194
2023-03-11 02:17:08 UDP link local: (not bound)
2023-03-11 02:17:08 UDP link remote: [AF_INET]193.161.193.99:1194
2023-03-11 02:17:08 [193.161.193.99] Peer Connection Initiated with [AF_INET]193.161.193.99:1194
2023-03-11 02:17:10 TUN/TAP device tun0 opened
2023-03-11 02:17:10 net_iface_mtu_set: mtu 1500 for tun0
2023-03-11 02:17:10 net_iface_up: set tun0 up
2023-03-11 02:17:10 net_addr_ptp_v4_add: 10.8.14.218 peer 10.8.14.217 dev tun0
2023-03-11 02:17:10 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-11 02:17:10 Initialization Sequence Completed

Is your typo intentional?

3 Likes