Package: openvpn Version: 2.3.11-1 Severity: normal Dear Maintainer, after upgrading to openvpn 2.3.11 some of my existing tunnels stopped working. It seems that it affect tunnels to Mikrotik (RouterOS) devices only. Downgrade to 2.3.10 fixes the problem. Openvpn log follows:
Wed Jun 1 10:48:30 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 21 2016 Wed Jun 1 10:48:30 2016 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Wed Jun 1 10:49:01 2016 Attempting to establish TCP connection with [AF_INET]62.204.232.20:1194 [nonblock] Wed Jun 1 10:49:02 2016 TCP connection established with [AF_INET]62.204.232.20:1194 Wed Jun 1 10:49:02 2016 TCPv4_CLIENT link local: [undef] Wed Jun 1 10:49:02 2016 TCPv4_CLIENT link remote: [AF_INET]62.204.232.20:1194 Wed Jun 1 10:49:02 2016 [vpn.lesprojektvc.cz] Peer Connection Initiated with [AF_INET]62.204.232.20:1194 Wed Jun 1 10:49:15 2016 TUN/TAP device tun0 opened Wed Jun 1 10:49:15 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed Jun 1 10:49:15 2016 /sbin/ip link set dev tun0 up mtu 1500 Wed Jun 1 10:49:15 2016 /sbin/ip addr add dev tun0 192.168.100.87/24 broadcast 192.168.100.255 Wed Jun 1 10:49:15 2016 Initialization Sequence Completed ^CWed Jun 1 10:49:19 2016 event_wait : Interrupted system call (code=4) Wed Jun 1 10:49:19 2016 /sbin/ip addr del dev tun0 192.168.100.87/24 Wed Jun 1 10:49:19 2016 SIGINT[hard,] received, process exiting Wed Jun 1 10:49:54 2016 OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on May 11 2016 Wed Jun 1 10:49:54 2016 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Wed Jun 1 10:50:13 2016 Attempting to establish TCP connection with [AF_INET]62.204.232.20:1194 [nonblock] Wed Jun 1 10:50:14 2016 TCP connection established with [AF_INET]62.204.232.20:1194 Wed Jun 1 10:50:14 2016 TCPv4_CLIENT link local: [undef] Wed Jun 1 10:50:14 2016 TCPv4_CLIENT link remote: [AF_INET]62.204.232.20:1194 Wed Jun 1 10:50:14 2016 OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Wed Jun 1 10:50:14 2016 TLS_ERROR: BIO read tls_read_plaintext error Wed Jun 1 10:50:14 2016 TLS Error: TLS object -> incoming plaintext read error Wed Jun 1 10:50:14 2016 TLS Error: TLS handshake failed Wed Jun 1 10:50:14 2016 Fatal TLS error (check_tls_errors_co), restarting Wed Jun 1 10:50:14 2016 SIGUSR1[soft,tls-error] received, process restarting -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.59 ii init-system-helpers 1.33 ii initscripts 2.88dsf-59.4 ii iproute2 4.3.0-1+b1 ii libc6 2.22-9 ii liblzo2-2 2.08-1.2 ii libpam0g 1.1.8-3.2 ii libpkcs11-helper1 1.11-5 ii libssl1.0.2 1.0.2h-1 ii libsystemd0 230-1 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-2 Versions of packages openvpn suggests: ii openssl 1.0.2h-1 ii resolvconf 1.79 -- debconf information excluded
