Hi,
I just spent quite some time debugging a problem with openvpn
disconnecting on the first TLS renegotiation.
It all boils down to the "mlock" option. If it is set on the client
side, the initial connect will succeed, but after reneg-sec there will
be a TLS key negotiation. The last message you see on the client is:
TLS: soft reset sec=0 bytes=14567/0 pkts=117/0
On the server side you will find repeatedly:
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
since the openvpn process died on the client side.
In /var/log/messages (but not in daemon.log, where I was trying to debug
the TLS error) in the end I found:
out of memory [1656]
I'm still not sure why this problem occurs during key renegotiation.
Maybe mlockall gets called again then and fails?
Could you document this case with a big fat warning in the
README.Debian? I'm sure it would help a lot of other people.