Opened 8 years ago

Closed 8 years ago

#288 closed Bug / Defect (fixed)

v2.3.1/IPv6 with proto tcp6 fails to launch; proto udp6 is OK.

Reported by: darx Owned by:
Priority: major Milestone:
Component: IPv6 Version: OpenVPN 2.3.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

I'm running openvpn 2.3.1 over IPv6, built from src.

When using proto == udp6 , works OK.

Switch to proto == tcp6 causes launch FAIL @ "Assertion failed at socket.c:726"

openvpn --version
	OpenVPN 2.3.1 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Apr 30 2013
	Originally developed by James Yonan
	Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
	Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_eurephia=yes enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=no enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
	git revision: refs/heads/release23/eb16a92894b3d93c

grep proto /etc/openvpn/server.conf
	proto udp6


systemctl start  openvpn@server.service
systemctl status  openvpn@server.service
	openvpn@server.service - OpenVPN Server on server
	          Loaded: loaded (/etc/systemd/system/openvpn@.service; enabled)
	          Active: active (running) since Thu, 2013-05-02 11:53:56 PDT; 8s ago
	         Process: 8895 ExecStopPost=/etc/openvpn/down.script %i (code=exited, status=0/SUCCESS)
	         Process: 9163 ExecStart=/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=0/SUCCESS)
	         Process: 9137 ExecStartPre=/etc/openvpn/up.script %i (code=exited, status=0/SUCCESS)
	        Main PID: 9164 (openvpn)
	          CGroup: name=systemd:/system/openvpn@.service/server
	                  └ 9164 /sbin/openvpn --daemon --writepid /var/run/openvpn/server...

	May 02 11:53:56 server.mydomain.com systemd[1]: Starting OpenVPN Server on server...
	May 02 11:53:56 server.mydomain.com up.script[9137]: Thu May  2 11:53:56 2013 TUN/TAP device tun1 opened
	May 02 11:53:56 server.mydomain.com up.script[9137]: Thu May  2 11:53:56 2013 Persist state set to: OFF
	May 02 11:53:56 server.mydomain.com up.script[9137]: Thu May  2 11:53:56 2013 TUN/TAP device tun1 opened
	May 02 11:53:56 server.mydomain.com up.script[9137]: Thu May  2 11:53:56 2013 Persist state set to: ON
	May 02 11:53:56 server.mydomain.com sudo[9144]: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip addr ...tun1
	May 02 11:53:56 server.mydomain.com systemd[1]: Started OpenVPN Server on server.

systemctl stop  openvpn@server.service

perl -pi -e 's|proto.*|proto tcp6|g' /etc/openvpn/server.conf
grep proto /etc/openvpn/server.conf
	proto tcp6

systemctl start  openvpn@server.service
	Job for openvpn@server.service failed. See 'systemctl status openvpn@server.service' and 'journalctl -n' for details.

systemctl status  openvpn@server.service
	openvpn@server.service - OpenVPN Server on server
	          Loaded: loaded (/etc/systemd/system/openvpn@.service; enabled)
	          Active: failed (Result: exit-code) since Thu, 2013-05-02 11:55:40 PDT; 16ms ago
	         Process: 9189 ExecStopPost=/etc/openvpn/down.script %i (code=exited, status=0/SUCCESS)
	         Process: 9262 ExecStart=/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
	         Process: 9224 ExecStartPre=/etc/openvpn/up.script %i (code=exited, status=0/SUCCESS)
	        Main PID: 9164 (code=exited, status=0/SUCCESS)
	          CGroup: name=systemd:/system/openvpn@.service/server

	May 02 11:55:40 server.mydomain.com systemd[1]: Starting OpenVPN Server on server...
	May 02 11:55:40 server.mydomain.com up.script[9224]: Thu May  2 11:55:40 2013 TUN/TAP device tun1 opened
	May 02 11:55:40 server.mydomain.com up.script[9224]: Thu May  2 11:55:40 2013 Persist state set to: OFF
	May 02 11:55:40 server.mydomain.com up.script[9224]: Thu May  2 11:55:40 2013 TUN/TAP device tun1 opened
	May 02 11:55:40 server.mydomain.com up.script[9224]: Thu May  2 11:55:40 2013 Persist state set to: ON
	May 02 11:55:40 server.mydomain.com sudo[9240]: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip addr ...tun1
	May 02 11:55:40 server.mydomain.com systemd[1]: Failed to start OpenVPN Server on server.
	May 02 11:55:40 server.mydomain.com systemd[1]: Unit openvpn@server.service entered ...tate


==> /var/log/openvpn/openvpn.log <==
	...
	Thu May  2 11:55:40 2013 us=260312 Incoming Control Channel Authentication: HMAC size=64 block_size=64
	Thu May  2 11:55:40 2013 us=260349 LZO compression initialized
	Thu May  2 11:55:40 2013 us=260377 MTU DYNAMIC mtu=0, flags=1, 0 -> 212
	Thu May  2 11:55:40 2013 us=260395 TLS: tls_session_init: entry
	Thu May  2 11:55:40 2013 us=260413 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
	Thu May  2 11:55:40 2013 us=260494 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
	Thu May  2 11:55:40 2013 us=260521 TLS: tls_session_init: new session object, sid=41b16a04 a3246294
	Thu May  2 11:55:40 2013 us=260534 TLS: tls_session_init: entry
	Thu May  2 11:55:40 2013 us=260549 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
	Thu May  2 11:55:40 2013 us=260602 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
	Thu May  2 11:55:40 2013 us=260623 TLS: tls_session_init: new session object, sid=fed95a97 bd10570d
	Thu May  2 11:55:40 2013 us=260638 Control Channel MTU parms [ L:1604 D:212 EF:112 EB:0 ET:0 EL:0 ]
	Thu May  2 11:55:40 2013 us=260667 MTU DYNAMIC mtu=1450, flags=2, 1604 -> 1450
	Thu May  2 11:55:40 2013 us=260689 Assertion failed at socket.c:726
	Thu May  2 11:55:40 2013 us=260702 Exiting due to fatal error

Change History (3)

comment:1 Changed 8 years ago by Gert Döring

proto tcp6-server

or

proto tcp6-client

there is not really a "proto tcp6"... (though the fact that it accepts the configuration and then crashes is a bug indeed).

comment:2 Changed 8 years ago by darx

changing

     port 443
-    proto tcp6
+    proto tcp6-server

@ launch now fails with

...
Thu May  2 13:08:02 2013 us=975028 MTU DYNAMIC mtu=1450, flags=2, 1604 -> 1450
Thu May  2 13:08:02 2013 us=975086 Socket Buffers: R=[87380->131072] S=[65536->131072]
Thu May  2 13:08:02 2013 us=975123 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Thu May  2 13:08:02 2013 us=975143 Exiting due to fatal error

checking, nothing seems to be using that 'local address'

grep ifconfig-ipv6 server.conf
	ifconfig-ipv6 2600:...:1 2001:...:1

lsof -wni tcp:443 | grep 2600:...:1
	(empty)

comment:3 Changed 8 years ago by JoshC

Resolution: fixed
Status: newclosed

A fix for the ASSERT failure has been included in the current git master sources and will be applied to the next release version.

The responsible commit can be found here: https://github.com/OpenVPN/openvpn/commit/d0ccb982e1714c8dfefd6eacf0c6f899eb71b582 .

Note: See TracTickets for help on using tickets.