Opened 4 years ago

Closed 4 years ago

#1270 closed Bug / Defect (fixed)

OpenVPN-Server crash "Assertion failed at ssl.c:1944"

Reported by: hoize28
Owned by:
Priority: major
Milestone:
Component: Generic / unclassified
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:



Actually, we have multiple OpenVPN instances running on multiple nodes. Sometimes the OpenVPN service crashes with the error "Assertion failed at ssl.c:1944".
We already tried increasing the debug level to "verb 6", but there is too little information. So we are going to increase it further.

Here is a snippet of the log:

Tue Apr  7 16:44:04 2020 us=988966 <user>/<oip:port> UDPv4 READ [96] from [AF_INET]<oip:port>: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=6 DATA len=42
Tue Apr  7 16:44:04 2020 us=989052 <user>/<oip:port> PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr  7 16:44:04 2020 us=989117 <user>/<oip:port> SENT CONTROL [<user>]: 'PUSH_REPLY,route,route,route,route-gateway,dhcp-option DNS,dhcp-option DNS,dhcp-option WINS,dhcp-option WINS,dhcp-option DOMAIN productive.local,ip-win32 dynamic lease-time 3600,route-gateway,topology subnet,ping 10,ping-restart 45,ifconfig,peer-id 39,cipher AES-256-GCM' (status=1)
Tue Apr  7 16:44:04 2020 us=989134 <user>/<oip:port> Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr  7 16:44:04 2020 us=989158 <user>/<oip:port> Data Channel MTU parms [ L:1554 D:1300 EF:54 EB:407 ET:0 EL:3 ]
Tue Apr  7 16:44:04 2020 us=989170 <user>/<oip:port> Assertion failed at ssl.c:1944 (ks->authenticated)
Tue Apr  7 16:44:04 2020 us=989181 <user>/<oip:port> Exiting due to fatal error
Tue Apr  7 16:44:04 2020 us=989223 <user>/<oip:port> Closing TUN/TAP interface
Tue Apr  7 16:44:04 2020 us=989241 <user>/<oip:port> /sbin/ifconfig tun0
SIOCSIFADDR: Operation not permitted
SIOCSIFFLAGS: Operation not permitted
Tue Apr  7 16:44:04 2020 us=993063 <user>/<oip:port> Linux ip addr del failed: external program exited with error status: 255
AUTH-PAM: BACKGROUND: received command code: 1

Information about the server:

  • Debian 9.11
  • OpenVPN-Versions (community edition): 2.4.7 and 2.4.8

Information regarding build options:

OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr  2 2020
library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Maybe someone already has experience with this error and could help me?

Thank you!

Kind regards,
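
Added example (not part of the ticket and not OpenVPN project code): a small Python scanner for logs in the format shown in the report, which picks out failed assertions, records whether the daemon then exited, and keeps the same client's last messages for triage. The sample log is constructed from the excerpt above; the client name and address stand in for the redacted `<user>/<oip:port>`, and the function name, the record fields and the IPv4-only client prefix are assumptions of this example.

```python
import re
from collections import defaultdict, deque

# Constructed sample modelled on the ticket's excerpt; the user name and the
# address stand in for the values the reporter redacted as <user>/<oip:port>.
SAMPLE_LOG = """\
Tue Apr  7 16:44:04 2020 us=989052 alice/192.0.2.10:40000 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr  7 16:44:04 2020 us=989134 alice/192.0.2.10:40000 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr  7 16:44:04 2020 us=989170 alice/192.0.2.10:40000 Assertion failed at ssl.c:1944 (ks->authenticated)
Tue Apr  7 16:44:04 2020 us=989181 alice/192.0.2.10:40000 Exiting due to fatal error
SIOCSIFADDR: Operation not permitted
Tue Apr  7 16:44:04 2020 us=993063 alice/192.0.2.10:40000 Linux ip addr del failed: external program exited with error status: 255
"""

# Timestamp, microseconds, optional "[user/]ipv4:port" client prefix, message.
LINE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) us=(\d+) "
    r"(?:((?:[^\s/]+/)?\d{1,3}(?:\.\d{1,3}){3}:\d+) )?(.*)$"
)
ASSERTION = re.compile(r"Assertion failed at ([\w./-]+):(\d+) \((.*)\)$")


def find_assertion_crashes(log_text, context=3):
    """Return one record per failed assertion, with that client's last messages."""
    history = defaultdict(lambda: deque(maxlen=context))
    crashes = []
    for raw in log_text.splitlines():
        parsed = LINE.match(raw)
        if not parsed:
            continue  # helper-program output (ifconfig errors) carries no timestamp
        stamp, usec, client, message = parsed.groups()
        hit = ASSERTION.match(message)
        if hit:
            crashes.append({
                "time": stamp, "usec": int(usec), "client": client,
                "file": hit.group(1), "line": int(hit.group(2)),
                "expr": hit.group(3), "fatal": False,
                "preceding": list(history[client]),
            })
        elif message == "Exiting due to fatal error" and crashes \
                and crashes[-1]["client"] == client:
            crashes[-1]["fatal"] = True  # the whole daemon went down, not one session
        else:
            history[client].append(message)
    return crashes


if __name__ == "__main__":
    for crash in find_assertion_crashes(SAMPLE_LOG):
        print(crash)
```

A record with `fatal` set means the server process itself exited, so every connected client lost its tunnel; grouping records by `file`, `line` and `expr` across nodes shows whether the instances are hitting the same assertion.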

Change History (5)

comment:1 Changed 4 years ago by tct

Hi Manuel,

this is just a test post to find out if you are receiving email notifications of updates to this ticket. Some users have experienced problems.

Please respond if you get this update.

Unfortunately, I cannot help with the assertion error.

comment:2 Changed 4 years ago by hoize28

Hi tincantech,

unfortunately I didn't get any mail.

Could someone else please help me with this case, or does anyone have such problems?
Thank you!

comment:3 Changed 4 years ago by tct

This problem has been addressed by the following patch:

comment:4 Changed 4 years ago by Gert Döring

Can we close this now, since the patch is in?

commit 984bd1e1601e4b9562dbc88b02a8db60b884286f (master)
commit 098edbb1f5a2e1360fd6a4ae0642b63bec12e992 (release/2.4)
Author: Jeremy Evans
Date: Wed May 20 11:34:04 2020 -0700

Switch assertion failure to returning false

comment:5 Changed 4 years ago by Gert Döring

Resolution: fixed
Status: new → closed