Opened 13 years ago
Closed 13 years ago
#116 closed Bug / Defect (fixed)
Very slow initialization and inactivity timeout with PKCS#11
| Reported by: | jaanvajakas | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.1.4 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
I am trying to connect using PKCS#11 authentication (with an esteid smart card). OpenVPN takes a long time to initalize the connection (2 minutes and 11 seconds from entering PIN to "Initialization Sequence Completed") and after that it immediately says "Inactivity timeout (--ping-restart), restarting", forcing me to re-enter the PIN; it will never manage to connect successfully.
In the log (with the option verb 11) I can see that OpenVPN spends most of it time in pkcs11h_forkFixup that it performs before "/sbin/route add" calls (8 seconds for each pkcs11h_forkFixup call).
Maybe this is the problem found by Jan Just Keijser:
http://permalink.gmane.org/gmane.network.openvpn.devel/4129
I am using openSUSE 11.4 and openVPN 2.1.4; openVPN 2.2-RC2 displayed the same behavior.
Change History (3)
comment:1 Changed 13 years ago by
comment:2 Changed 13 years ago by
Sorry, it seems that I missed that part of your message. Now I added 'script-security 2 system' and everything works fine (and it takes only 3 seconds to connect). Thank you very much, Jan Just!
comment:3 Changed 13 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
did you try my suggest solution (adding 'script-security 2 system') ?