Opened 23 months ago
Closed 23 months ago
#1466 closed Bug / Defect (notabug)
Management interface stops working after some time
Reported by: | artur.zabronski | Owned by: | jamesyonan |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Management | Version: | OpenVPN 2.5.6 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
In our solution we are using the management interface to authorize clients, but after some time (several minutes, a few hours) the socket stops working - the server is not sending anything anymore, while the connection remains established. We've been trying to find the problem for a long time, and during this time we have come to certain conclusions:
- the type of socket doesn't matter - this happens on a UNIX socket and on a TCP socket
- the problem exists on Alpine Linux 3.16 with OpenVPN version 2.5.6 and on Debian Bullseye with OpenVPN version 2.5.1
- there is a strange correlation with logging to file - the problem doesn't happen when the server has logging to file turned on (log /tmp/openvpn.log)
Example server config:
```
port 1194
proto udp4
dev tun
verb 3
# log /tmp/openvpn.log
management-hold
management-client-auth
management-query-passwords
auth-user-pass-optional
fast-io
sndbuf 524288
rcvbuf 524288
cipher none
client-to-client
keepalive 10 120
tls-server
key-direction 0
topology subnet
server 10.250.0.0 255.255.0.0
route 10.10.0.0 255.252.0.0
push "topology subnet"
push "route 10.10.0.0 255.252.0.0"
<tls-auth>
...
</tls-auth>
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
```
The code working with the management socket sends three lines after connecting:
```
bytecount 5
log on
hold release
```
Next, it only responds to authorize requests (CONNECT/REAUTH) with:
```
client-auth <cid> <kid>
END
```
This works for some time: clients were connected, and for each client BYTECOUNT_CLI was sent by the server at 5s intervals, and suddenly the server stops sending BYTECOUNT_CLI and authorize requests. At that time a client cannot connect to the server:
```
2022-06-10 03:33:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-06-10 03:33:10 TLS Error: TLS handshake failed
```
Change History (2)
comment:1 Changed 23 months ago by
comment:2 Changed 23 months ago by
Resolution: | → notabug |
---|---|
Status: | new → closed |
The problem was solved and the ticket can be closed. After the last hang I checked the process with strace and saw that it hangs on writing a log string to a pipe. I checked the code which runs the OpenVPN server: stdout is not read after the process is started, and this leads to a full buffer.
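
The failure mode identified in comment:2, reproduced as an added example (not code from the ticket or from OpenVPN): a child process blocks in write() once its unread stdout pipe fills, and runs to completion when the parent drains the pipe. The child is a hypothetical Python stand-in for a daemon that logs to stdout, and `run_child` and `CHILD` are names chosen for this sketch.

```python
import subprocess
import sys
import threading

# Constructed stand-in for a daemon logging to stdout (not OpenVPN itself):
# it writes about 4 MiB of log lines, far more than a pipe buffer holds.
CHILD = "import sys\nfor i in range(65536):\n    sys.stdout.write('x' * 63 + '\\n')\n"


def run_child(drain: bool, timeout: float = 3.0) -> bool:
    """Start the child with stdout on a pipe. Return True if it finished
    within `timeout` seconds, False if it was still stuck in write()."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD], stdout=subprocess.PIPE)
    reader = None
    if drain:
        # Fix: keep consuming the pipe so the child's write() never blocks.
        def pump():
            for _line in proc.stdout:
                pass  # a real supervisor would forward this to its own log

        reader = threading.Thread(target=pump, daemon=True)
        reader.start()
    try:
        proc.wait(timeout=timeout)
        finished = True
    except subprocess.TimeoutExpired:
        finished = False  # child is blocked writing to the full pipe
        proc.kill()
        proc.wait()
    if reader:
        reader.join()
    proc.stdout.close()
    return finished


if __name__ == "__main__":
    print("stdout never read:", run_child(drain=False))
    print("stdout drained:   ", run_child(drain=True))
```

Sending the child's stdout to a file or to `subprocess.DEVNULL` instead of an unread pipe avoids the stall as well, which matches the ticket's observation that the hang disappeared when `log /tmp/openvpn.log` was enabled.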