Opened 8 months ago

Closed 8 months ago

#1466 closed Bug / Defect (notabug)

Management interface stops working after some time

Reported by: artur.zabronski
Owned by: jamesyonan
Priority: major
Milestone:
Component: Management
Version: OpenVPN 2.5.6 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:


In our solution we are using the management interface to authorize clients, but after some time (several minutes, a few hours) the socket stops working - the server is not sending anything anymore, while the connection remains established. We've been trying to find the problem for a long time; during this time we have come to certain conclusions:

  • the type of socket doesn't matter - this happens on a UNIX socket and on a TCP socket
  • the problem exists on Alpine Linux 3.16 with OpenVPN version 2.5.6 and exists on Debian Bullseye with OpenVPN version 2.5.1
  • there is a strange correlation with logging to file - the problem doesn't happen when the server has logging to file turned on (log /tmp/openvpn.log)

Example server config:

port 1194
proto udp4
dev tun
verb 3
# log /tmp/openvpn.log
sndbuf 524288
rcvbuf 524288
cipher none
keepalive 10 120
key-direction 0
topology subnet
push "topology subnet"
push "route"

The code working with the management socket sends three lines after connecting:

bytecount 5
log on
hold release

Next, it only responds to authorize requests (CONNECT/REAUTH) with:

client-auth <cid> <kid>

This works for some time: clients were connected, for each client BYTECOUNT_CLI was sent by the server at 5s intervals, and suddenly the server stops sending BYTECOUNT_CLI and authorize requests. At that time a client cannot connect to the server:

2022-06-10 03:33:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-06-10 03:33:10 TLS Error: TLS handshake failed

Change History (2)

comment:1 Changed 8 months ago by artur.zabronski

The problem was solved and the ticket can be closed. After the last hang I checked the process with strace and I saw that it hangs on writing a log string to a pipe. I checked the code which runs the OpenVPN server: stdout is not read after the process has started, and this leads to a full buffer.

comment:2 Changed 8 months ago by Selva Nair

Resolution: notabug
Status: new → closed
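
The cause found in comment:1, a parent process that starts the server with stdout on a pipe and never reads it, reproduced next to a corrected launcher. This is an added example, not code from the ticket or from OpenVPN; the child is a constructed stand-in that only writes log lines to stdout, and the function names are hypothetical.

```python
import collections
import subprocess
import sys
import threading

# Constructed stand-in for a daemon logging to stdout (not OpenVPN itself):
# 20,000 lines of 100 bytes, about 2 MB, far more than a pipe buffer holds.
LINES = 20_000
CHILD = [sys.executable, "-c",
         f"import sys\nfor _ in range({LINES}): sys.stdout.write('x' * 99 + '\\n')"]


def child_stalls_when_stdout_unread(timeout=2.0):
    """Start the child with stdout on a pipe nobody reads; True if it hangs."""
    proc = subprocess.Popen(CHILD, stdout=subprocess.PIPE)
    try:
        proc.wait(timeout=timeout)
        return False  # child finished: the pipe never filled
    except subprocess.TimeoutExpired:
        return True   # child is blocked in write() on the full pipe
    finally:
        proc.kill()
        proc.wait()
        proc.stdout.close()


def run_with_drained_stdout(keep_last=100):
    """Same child, with a thread reading stdout; returns (code, lines, tail)."""
    proc = subprocess.Popen(CHILD, stdout=subprocess.PIPE, text=True)
    # Keep only the newest lines so the parent's memory stays bounded.
    tail = collections.deque(maxlen=keep_last)
    count = [0]

    def drain():
        for line in proc.stdout:  # ends at EOF, when the child exits
            tail.append(line.rstrip("\n"))
            count[0] += 1

    reader = threading.Thread(target=drain, daemon=True)
    reader.start()
    code = proc.wait(timeout=30)
    reader.join(timeout=30)
    return code, count[0], list(tail)


if __name__ == "__main__":
    print("stalls when unread:", child_stalls_when_stdout_unread())
    print("drained run:", run_with_drained_stdout()[:2])
```

A launcher that has no use for the output can instead pass `stdout=subprocess.DEVNULL` or a file object, which matches the reporter's observation that the hang did not occur with `log /tmp/openvpn.log` enabled.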