Package: openvpn Version: 2.0.9-4etch1 Severity: normal If the learn-address script returns an error, openvpn still leaves the connection open, but no packets are exchanged over it, and I get a lot of messages like the following in my syslog:
Jun 16 19:55:24 qix ovpn-server[2486]: areed/71.174.117.46:4759 WARNING: learn-address command failed: shell command exited with error status: 13 Jun 16 19:55:24 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: Learn FAILED: 00:ff:01:bf:d7:f8 -> areed/71.174.117.46:4759 Jun 16 19:55:24 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: bad source address from client [00:ff:01:bf:d7:f8], packet dropped Jun 16 19:55:25 qix ovpn-server[2486]: areed/71.174.117.46:4759 WARNING: learn-address command failed: shell command exited with error status: 13 Jun 16 19:55:25 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: Learn FAILED: 00:ff:01:bf:d7:f8 -> areed/71.174.117.46:4759 Jun 16 19:55:25 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: bad source address from client [00:ff:01:bf:d7:f8], packet dropped I like that a failure of learn-address prevenst the connection from working, since I depend on learn-address to set up filtering that's needed for some VPN connections to be firewalled properly, but I would prefer if the connection would be closed properly rather than remaining in what looks like an indeterminate (and not immediately straightforward to debug) state. Cheers. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries ii liblzo2-2 2.02-2 data compression library ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries openvpn recommends no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
