Opened 2 months ago

Closed 2 months ago

#1466 closed Bug / Defect (notabug)

Management interface stops working after some time

Reported by: artur.zabronski
Owned by: jamesyonan
Priority: major
Milestone:
Component: Management
Version: OpenVPN 2.5.6 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

In our solution we are using the management interface to authorize clients, but after some time (several minutes, a few hours) the socket stops working - the server is not sending anything anymore, the connection remains established. We've been trying to find the problem for a long time; during this time we have come to certain conclusions:

  • the type of socket doesn't matter - this happens on UNIX socket and TCP socket
  • the problem exists on Alpine Linux 3.16 with OpenVPN version 2.5.6 and on Debian Bullseye with OpenVPN version 2.5.1
  • there is a strange correlation with logging to file - the problem doesn't happen when the server has logging to file turned on (log /tmp/openvpn.log)

Example server config:

port 1194
proto udp4
dev tun
verb 3
# log /tmp/openvpn.log
management-hold
management-client-auth
management-query-passwords
auth-user-pass-optional
fast-io
sndbuf 524288
rcvbuf 524288
cipher none
client-to-client
keepalive 10 120
tls-server
key-direction 0
topology subnet
server 10.250.0.0 255.255.0.0
route 10.10.0.0 255.252.0.0
push "topology subnet"
push "route 10.10.0.0 255.252.0.0"
<tls-auth>
...
</tls-auth>
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>

The code working with the management socket sends three lines after connecting:

bytecount 5
log on
hold release

Next, it only responds to authorization requests (CONNECT/REAUTH) with:

client-auth <cid> <kid>
END

This works for some time: clients were connected, and for each client BYTECOUNT_CLI was sent by the server at 5s intervals; then suddenly the server stops sending BYTECOUNT_CLI and authorization requests. At that time a client cannot connect to the server:

2022-06-10 03:33:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-06-10 03:33:10 TLS Error: TLS handshake failed

Change History (2)

comment:1 Changed 2 months ago by artur.zabronski

The problem was solved and the ticket can be closed. After the last hang I checked the process with strace and saw that it hangs on writing a log string to a pipe. I checked the code which runs the OpenVPN server: stdout is not read after the process is started, and this leads to a full buffer.

comment:2 Changed 2 months ago by Selva Nair

Resolution: notabug
Status: new → closed
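The root cause found in comment:1 (a supervising process starts the server with stdout on a pipe and never reads it) can be reproduced and fixed as below. This is an added Python example, not code from the ticket or from OpenVPN; the child is a constructed stand-in that prints log-like lines, and `run_without_reader` and `run_with_drain` are hypothetical names.

```python
import subprocess
import sys
import threading

# Constructed stand-in for a chatty daemon (assumption: it replaces `openvpn`
# started without `log <file>`, so every log line goes to stdout).
CHILD = [sys.executable, "-c",
         "import sys\n"
         "for i in range(20000):\n"
         "    sys.stdout.write('2022-06-10 03:33:10 constructed log line %06d\\n' % i)\n"]


def run_without_reader(timeout=3.0):
    """Reproduce the hang: stdout is a pipe that the parent never reads."""
    proc = subprocess.Popen(CHILD, stdout=subprocess.PIPE)
    try:
        proc.wait(timeout=timeout)
        return "exited"
    except subprocess.TimeoutExpired:
        return "blocked"          # child is stuck in write() on the full pipe
    finally:
        proc.kill()
        proc.stdout.close()
        proc.wait()


def run_with_drain(timeout=30.0):
    """Fix: a background thread consumes stdout so the pipe never fills."""
    proc = subprocess.Popen(CHILD, stdout=subprocess.PIPE)
    lines = []

    def drain():
        for raw in proc.stdout:   # runs until the child closes stdout
            lines.append(raw)     # a real supervisor would forward to its logger

    reader = threading.Thread(target=drain, daemon=True)
    reader.start()
    rc = proc.wait(timeout=timeout)
    reader.join(timeout=timeout)
    proc.stdout.close()
    return rc, len(lines)


if __name__ == "__main__":
    print("no reader :", run_without_reader())
    print("with drain:", run_with_drain())
```

If the output is not needed at all, passing `stdout=subprocess.DEVNULL` avoids the pipe entirely; the `log /tmp/openvpn.log` directive had the same effect in the ticket because it moved log output off stdout.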