Opened 9 years ago

Closed 9 years ago

#144 closed Bug / Defect (wontfix)

Openvpn client sends log to server, it causes "Bad encapsulated packet length from peer" message

Reported by: mass85 Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.0.x (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

When Openvpn 2.0.9 is started with default settings regarding logging (it logs to stdout) by some other application that forks, execs Openvpn and closes descriptors for stdin, stdout and stderr, Openvpn sends log to server after establishing TCP connection. When openvpn server receives this packet and in result it reports that it received big packet:

WARNING: Bad encapsulated packet length from peer (22373), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

When you use Wireshark on server side you can see that this packet is in fact plain text, a fragment of log sent by client. In the packet length field there are two letters from abbreviation of current week day that is in log message (when it is Tuesday, we will get 21621B (0x5475).

Example of log received by server:
Tue Jun 21 18:36:05 2011 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jun 21 18:36:10 2011 Re-using SSL/TLS context
Tue Jun 21 18:36:10 2011 LZO compression initialized
Tue Jun 21 18:36:10 2011 Attempting to establish TCP connection with 192.168.1.8:8894
Tue Jun 21 18:36:11 2011 TCP connection established with 192.168.1.8:8894

Attachments (1)

openvpn_server (13.7 KB) - added by mass85 9 years ago.

Download all attachments as: .zip

Change History (2)

Changed 9 years ago by mass85

Attachment: openvpn_server added

comment:1 Changed 9 years ago by David Sommerseth

Resolution: wontfix
Status: newclosed

OpenVPN 2.0.x is no longer supported. Please upgrade to 2.2.0 and try to reproduce the issue there. If the issue is still present on 2.2.0, we can re-open this ticket again with the proper version set.

FWIW, 2.0.9 was released in October 2006, and there has been no updates since that time. 2.2.0 was released April 2011. Running such old software is a security risk.

Note: See TracTickets for help on using tickets.