Package: openvpn
Version: 2.1~rc11-1
Severity: important

OpenVPN is being used to connect a remote server to a LAN. Sometimes the internet connectivity will go down for a little bit, and OpenVPN will try to reconnect. This reconnection happens fine, but OpenVPN attempts to reconfigure the routes (or something) and this fails, and it exits.
It's quite important in many cases that openvpn does not stop running.

syslog of this happening:

Apr 20 05:06:47 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: [remote-vpn] Inactivity timeout (--ping-restart), restarting
Apr 20 05:06:47 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: TCP/UDP: Closing socket
Apr 20 05:06:47 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 20 05:06:47 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Restart pause, 2 second(s)
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Re-using SSL/TLS context
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: LZO compression initialized
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Local Options hash (VER=V4): '41690919'
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Expected Remote Options hash (VER=V4): '530fdded'
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Socket Buffers: R=[110592->131072] S=[110592->131072]
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: UDPv4 link local: [undef]
Apr 20 05:06:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: UDPv4 link remote: 222.154.---.--:1195
Apr 20 05:07:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 20 05:07:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: TLS Error: TLS handshake failed
Apr 20 05:07:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: TCP/UDP: Closing socket
Apr 20 05:07:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: SIGUSR1[soft,tls-error] received, process restarting
Apr 20 05:07:49 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Restart pause, 2 second(s)
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Re-using SSL/TLS context
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: LZO compression initialized
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Local Options hash (VER=V4): '41690919'
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Expected Remote Options hash (VER=V4): '530fdded'
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Socket Buffers: R=[110592->131072] S=[110592->131072]
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: UDPv4 link local: [undef]
Apr 20 05:07:51 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: UDPv4 link remote: 222.154.---.--:1195
Apr 20 05:08:20 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: TLS: Initial packet from 222.154.---.--:1195, sid=18e1b300 bbdeff2e
Apr 20 05:08:22 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: VERIFY OK: depth=1, /C=NZ/L=Dunedin/O=Profiler_Corp/CN=Profiler_Corp_CA/[email protected]
Apr 20 05:08:22 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: VERIFY OK: nsCertType=SERVER
Apr 20 05:08:22 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: VERIFY OK: depth=0, /C=NZ/L=Dunedin/O=Profiler_Corp/CN=remote-vpn/[email protected]
Apr 20 05:08:25 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 20 05:08:25 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 20 05:08:25 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 20 05:08:25 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 20 05:08:25 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr 20 05:08:25 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: [remote-vpn] Peer Connection Initiated with 222.154.---.--:1195
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: SENT CONTROL [remote-vpn]: 'PUSH_REQUEST' (status=1)
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.255.0,route 10.12.0.1,topology net30,ping 30,ping-restart 120,ifconfig 10.12.0.10 10.12.0.9'
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: OPTIONS IMPORT: route options modified
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Preserving previous TUN/TAP instance: tun0
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: /sbin/route del -net 10.12.0.1 netmask 255.255.255.255
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: ERROR: Linux route delete command failed: external program exited with error status: 7
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: /sbin/route del -net 10.10.0.0 netmask 255.255.255.0
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: ERROR: Linux route delete command failed: external program exited with error status: 7
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Closing TUN/TAP interface
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: /sbin/ifconfig tun0 0.0.0.0
Apr 20 05:08:26 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Linux ip addr del failed: external program exited with error status: 255
Apr 20 05:08:27 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: ROUTE default_gateway=10.249.114.1
Apr 20 05:08:27 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Apr 20 05:08:27 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Apr 20 05:08:27 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Cannot allocate TUN/TAP dev dynamically
Apr 20 05:08:27 domU-12-31-39-03-71-13 ovpn-profiler-ec2-client[9250]: Exiting

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21.7-2.fc8xen (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]   1.5.24      Debian configuration management sy
ii  libc6                   2.7-18      GNU C Library: Shared libraries
ii  liblzo2-2               2.03-1      data compression library
ii  libpam0g                1.0.1-5     Pluggable Authentication Modules l
ii  libpkcs11-helper1       1.05-1      library that simplifies the intera
ii  libssl0.9.8             0.9.8g-15   SSL shared libraries
ii  openssl-blacklist       0.4.2       list of blacklisted OpenSSL RSA ke
ii  openvpn-blacklist       0.3         list of blacklisted OpenVPN RSA sh

Versions of packages openvpn recommends:
ii  net-tools               1.60-22     The NET-3 networking toolkit

Versions of packages openvpn suggests:
ii  openssl                 0.9.8g-15   Secure Socket Layer (SSL) binary a
pn  resolvconf              <none>      (no description available)

-- debconf information:
  openvpn/vulnerable_prng:
  openvpn/create_tun: false
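
A log check for the failure sequence in the report above, as an added example that is not part of the original report or of OpenVPN: it flags a process that logs a soft restart, the forced TUN/TAP reopen, the refused TUNSETIFF ioctl and then "Exiting", so a monitor can alert on a tunnel that will not come back by itself. The function name, the shortened host and tag names and the "ovpn-other" lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: message texts copied from the log in the report above;
# the host and program tag are shortened and the "ovpn-other" lines are constructed.
SAMPLE = """\
Apr 20 05:06:47 host ovpn-client[9250]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 20 05:07:49 host ovpn-client[9250]: SIGUSR1[soft,tls-error] received, process restarting
Apr 20 05:08:26 host ovpn-client[9250]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Apr 20 05:08:27 host ovpn-client[9250]: Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Apr 20 05:08:27 host ovpn-client[9250]: Exiting
Apr 20 06:00:00 host ovpn-other[4100]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 20 06:00:05 host ovpn-other[4100]: Preserving previous TUN/TAP instance: tun1
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s"
                  r"(?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")

# The failure chain in log order: soft restart, forced TUN reopen,
# reopen refused by the kernel, process exit.
STAGES = [
    re.compile(r"^SIGUSR1\[soft,([\w-]+)\] received"),
    re.compile(r"Pulled options changed on restart"),
    re.compile(r"Cannot ioctl TUNSETIFF .*\(errno=(\d+)\)"),
    re.compile(r"^Exiting\b"),
]

def find_fatal_restarts(text):
    """Return one finding per OpenVPN process that walked the whole chain."""
    state, findings = {}, []   # state: (tag, pid) -> progress through STAGES
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key, msg = (m["tag"], int(m["pid"])), m["msg"]
        hit = STAGES[0].search(msg)
        if hit:   # every soft restart starts a fresh chain for that process
            state[key] = {"next": 1, "reason": hit.group(1), "errno": None}
            continue
        cur = state.get(key)
        hit = cur and STAGES[cur["next"]].search(msg)
        if not hit:
            continue
        if cur["next"] == 2:
            cur["errno"] = int(hit.group(1))
        cur["next"] += 1
        if cur["next"] == len(STAGES):   # "Exiting" seen: tunnel is down for good
            findings.append({"tag": key[0], "pid": key[1], "at": m["ts"],
                             "restart_reason": cur["reason"], "errno": cur["errno"]})
            del state[key]
    return findings
```

On the sample, only the process with PID 9250 is reported, with the restart reason taken from the last soft restart before the exit.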

