Package: openvpn Version: 2.0.9-4 Followup-For: Bug #390697 I have a very similar behaviour here. It would be great if somebody could look into it, since this bug is uncommented in state 'important' for almost one year now. Might it help to increase the severity?
Anyhow, let's get to details. The problem occurs in irregular time intervals. Sometimes it takes a couple of days until it occurs again, but I also had days where it happened twice: Aug 20 20:38:52 gate kernel: openvpn[18803] general protection rip:2b078d49f242 rsp:7fff1daf0168 error:0 Aug 17 07:51:50 gate kernel: openvpn[15246]: segfault at 0000003100580003 rip 00002b32a1829242 rsp 00007fff09765ea8 error 4 Aug 16 19:37:13 gate kernel: openvpn[1948]: segfault at 0000003100580003 rip 00002b46fab0f242 rsp 00007fffb047dab8 error 4 Aug 14 12:53:00 gate kernel: openvpn[30475]: segfault at 0000003100580003 rip 00002b709b5ca242 rsp 00007fff0f9c5108 error 4 Aug 14 19:35:14 gate kernel: openvpn[32530]: segfault at 0000003100580003 rip 00002ac0d10cc242 rsp 00007fffd9ec35f8 error 4 Currently testing/unstable have 2.0.9-8, but the changelogs do not look like anything of potential significance to this issue has changed. I am using openvpn in multi-client-mode with Certificates and with PAM authentication. I already increased verbosity to 4, but nothing of significance shows up in the log next to these lines. Per day, around 20 different users make up to 200 connects to this instance, hence I hitherto refrained from further raising the loglevel. After such an occurrence, OpenVPN does not respond to any packets anymore until it gets restarted. I would assume that this issue is related to amd64, since I recently switched this installation from a i386 machine to this amd64 machine and got these problems. If required, I could hand out logs and pcap-style dumps (1 new file each MB) of the encrypted packets. I already analysed the pcap-dumps but could not find a correlation to a specific client instance or traffic pattern or anything. I will try to attach my current openvpn config to this bugreport. Since the issue usually reoccurs after a few days, I am also willing to provide assistance in nailing this issue down. Regards, Stefan -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii liblzo1 1.08-3 data compression library (old vers ii libssl0.9.8 0.9.8c-4 SSL shared libraries openvpn recommends no packages. -- debconf information: openvpn/change_init: false openvpn/change_init2: false openvpn/create_tun: false openvpn/stop2upgrade: false openvpn/default_port:
###we are server server 42.42.42.128 255.255.255.224 local 42.42.42.248 #we talk udp on port 1194 proto udp resolv-retry 10 port 1194 #connect-retry <not used> #read the 'dynamically' allocated IPs from the file, don't write to it ifconfig-pool-persist "ippool" 0 #31557600 #verbosity in log verb 4 #working directory of openvpn cd "/etc/openvpn" #become a daemon after startup, log to syslog daemon #certificate and CA-file ca "keys/ca.crt" dh "dh1024.pem" cert "keys/SRV.crt" key "keys/SRV.key" #device type #dev-type tap #only needed if !($dev =~ m/^tap/) dev tap0 #close the connection after <n> seconds of inactivity #experimental! inactive 600 #ping the remote (cryptographically) after 10 seconds of inactivity, #restart connection after 60s of inactivity keepalive 10 30 #mlock() openvpns memory, so that it won't be swapped out mlock ###not needed by now #up <script> #up-delay <seconds> #time before running 'up' #down #down-pre ###enable proxy arp up ./script_proxyarp_enable ###give up privileges ##Push-scripts don't work if you specify this! #user nobody #group nogroup ###specify link-mtu small enough (1408=1024+256+128), to be safe link-mtu 1408 ###use compression comp-lzo ###use pam plugin plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn username-as-common-name #client-cert-not-required ###allow communication directly between clients, too #client-to-client #client configuration directory, e.g. for certificates #we use this only to push client-specific routes and DNS-settings client-config-dir "clients/" ###limit maximum number of concurrent clients max-clients 16 ###set the cipher type (see --show-ciphers) cipher AES-256-CBC
