Opened 6 years ago

Last modified 6 years ago

#881 new Bug / Defect

OpenVPN v2.4 breaks --status formatting of client IP:port on FreeBSD

Reported by: David Sommerseth Owned by:
Priority: major Milestone:
Component: Networking Version: OpenVPN 2.4.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: freebsd bsd status regression
Cc: Gert Döring, plaisthos


Received report on #openvpn that the format of --status files where different from v2.3.12 to v2.4.x

In v2.3.12, you can see:
Test-Client,x.x.x.x:53176,5220,5420,Sun Apr 30 17:27:07 2017

While in v2.4.0
Test-Client,x.x.x.x,5220,5420,Sun Apr 30 17:27:07 2017

I did a git bisect to locate this issue, and it stopped at this commit:

$ git bisect bad
8832c6c4cf7d1425684dd8e56984e407fe3e2aac is the first bad commit
commit 8832c6c4cf7d1425684dd8e56984e407fe3e2aac
Author: Arne Schwabe <>
Date:   Mon Nov 25 13:31:18 2013 +0100

    Implement listing on IPv4/IPv6 dual socket on all platform
    With this patch OpenVPN will listen on Ipv4 as well as IPv6 when an IPv6
    socket is used. Using bind ipv6only will disable this behavior
    Acked-by: Gert Doering <>
    Message-Id: <>
    Signed-off-by: Gert Doering <>

The complete git bisect log:

$ git bisect log   
git bisect start
# good: [8990b218fa9db71714ac42b0095c594e19861320] Preparing release of v2.3.12
git bisect good 8990b218fa9db71714ac42b0095c594e19861320
# bad: [9e0963c11aa439deb382d7d6bc40b6ade999401c] New approach to handle peer-id related changes to link-mtu.
git bisect bad 9e0963c11aa439deb382d7d6bc40b6ade999401c
# good: [6abd293e5c04467a17e6ed4cf01c708cef0ac046] Preparing for v2.3_beta1
git bisect good 6abd293e5c04467a17e6ed4cf01c708cef0ac046
# bad: [3173787a0beea7c335b1aaedcd2ca5303b17bc22] Fix compiler warning for unused result of write()
git bisect bad 3173787a0beea7c335b1aaedcd2ca5303b17bc22
# good: [8476edbb1748e11de0e4fda8989c9e470285926b] Only print script warnings when a script is used. Remove stray mention of script-security system.
git bisect good 8476edbb1748e11de0e4fda8989c9e470285926b
# good: [076fd3e46bbbe6261317d58cc2442f8eccc927ce] Change the type of all ports in openvpn to const char* and let getaddrinfo resolve the port together with the hostname.
git bisect good 076fd3e46bbbe6261317d58cc2442f8eccc927ce
# bad: [925b8a463b78620c1f856a0224396ac7d53e6295] Support non-ASCII characters in Windows tmp path
git bisect bad 925b8a463b78620c1f856a0224396ac7d53e6295
# good: [282788a835f6c9dfb85e8f9a3bd45f5841271b06] Fix assertion when SIGUSR1 is received while getaddrinfo is successful
git bisect good 282788a835f6c9dfb85e8f9a3bd45f5841271b06
# good: [aa162d44edae8530391775b55e7b4f149548537e] When resolving fails print the error message from socket layer
git bisect good aa162d44edae8530391775b55e7b4f149548537e
# good: [68793f40e1d04409264d21dd24453d959828a306] Move ASSERT so external-key with OpenSSL works again
git bisect good 68793f40e1d04409264d21dd24453d959828a306
# bad: [451de0a8d61a8a2c4a049837374a728090b4e4d6] Fix IPv6_V6ONLY logic.
git bisect bad 451de0a8d61a8a2c4a049837374a728090b4e4d6
# bad: [8832c6c4cf7d1425684dd8e56984e407fe3e2aac] Implement listing on IPv4/IPv6 dual socket on all platform
git bisect bad 8832c6c4cf7d1425684dd8e56984e407fe3e2aac
# first bad commit: [8832c6c4cf7d1425684dd8e56984e407fe3e2aac] Implement listing on IPv4/IPv6 dual socket on all platform

Change History (2)

comment:1 Changed 6 years ago by David Sommerseth

Please note, this seems to be a BSD related bug. This issue does not appear on Linux at all.

comment:2 in reply to:  1 Changed 6 years ago by Gert Döring

Replying to dazo:

Please note, this seems to be a BSD related bug. This issue does not appear on Linux at all.

That would surprise me, as there should not be anything OS related anywhere close to printing of IP address (+port)... but it might have to do with the version of the --status file (= you see a different version in your linux tests).

In fact, there's another open trac where the submitter complained that the notation of "ip:port" breaks for IPv6 (2001:dba::1:53 - what is address, what is port?), and there we found that (pre-2.4) master did not log the port at all... so this looks like a regression, and while at it, we should address #664... while this was about management interface, the status line printing is the same for status file and management.

Note: See TracTickets for help on using tickets.