Comments (10)
Hi @bmeirellesRJ ! thanks for the report!
The error you are reporting is related to the peer timing out due to no data over the tunnel.
Can you tell us something more about the issue? Does it happen right away? Was the client exchanging data properly before the error happened?
Also, are you using the latest master branch from openvpn2?
from openvpn.
Hi, @ordex !
It's random, sometimes it goes by a few days without problem.
I was exchanging data. It is set to ping 10 restart 120. The client stops sending packets to the server's port 1194 and does not restart.
I am using the package distributed in debian bookworm, it is marked as 2.6.0~git20220818-1
The VPN has few clients, but it is in production. I can't test any time.
in addition to the DCO driver, "float" was activated on the client and server. Maybe the problem is this.
As soon as I test better, I'll give feedback.
Hugs and thank you
from openvpn.
Hey @bmeirellesRJ be careful with bookworm and production as the release is still in testing :)
This said, next time it happens, can you please check the output of dmesg
and see if there is any error related to ovpn-dco?
Thanks!
from openvpn.
Hi,
This message appeared today, but I don't know if this is the problem.
I will leave DCO disabled, when the new version of DCO and/or openvpn is released, I will test again
Thank you for your help
[63886.887411] OpenVPN data channel offload (ovpn-dco) 0.0+git20220816 -- (C) 2020-2022 OpenVPN, Inc.
[63887.111581] ovpn_encrypt_one: error while retrieving primary key slot
[63887.175408] ------------[ cut here ]------------
[63887.177640] WARNING: CPU: 0 PID: 14826 at lib/nlattr.c:117 nla_get_range_unsigned+0xee/0x100
[63887.180033] Modules linked in: poly1305_generic libpoly1305 poly1305_x86_64 chacha_generic chacha_x86_64 libchacha chacha20poly1305 ovpn_dco(OE) ip6_udp_tunnel udp_tunnel binfmt_misc nft_redir br_netfilter sch_htb nft_masq nf_log_syslog nft_log nft_nat nft_limit nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 tun nf_tables libcrc32c nfnetlink bridge snd_hdmi_lpe_audio snd_pcm snd_timer snd soundcore 8021q garp intel_rapl_msr stp intel_rapl_common mrp llc hci_uart btqca btrtl intel_soc_dts_thermal intel_soc_dts_iosf i915 intel_powerclamp btbcm btintel bluetooth coretemp kvm_intel jitterentropy_rng kvm sha512_ssse3 irqbypass drm_buddy sha512_generic nls_ascii drm_display_helper mei_hdcp cec intel_chtwc_int33fe nls_cp437 ghash_clmulni_intel iTCO_wdt intel_pmc_bxt rc_core vfat evdev cryptd joydev fat ctr iTCO_vendor_support at24 intel_cstate ttm serio_raw drbg watchdog mei_txe ansi_cprng drm_kms_helper mei efi_pstore pcspkr ecdh_generic ecc pwm_lpss_platform button
[63887.180172] pwm_lpss sg 8812au(OE) cfg80211 rfkill drm fuse configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci xhci_pci libata xhci_hcd crct10dif_pclmul crct10dif_common igb crc32_pclmul crc32c_intel psmouse i2c_algo_bit i2c_i801 usbcore lpc_ich scsi_mod i2c_smbus dca ptp pps_core usb_common scsi_common i2c_hid_acpi i2c_hid hid video
[63887.202912] CPU: 0 PID: 14826 Comm: openvpn Tainted: G W OE 5.19.0-1-amd64 OpenVPN/ovpn-dco#1 Debian 5.19.6-1
[63887.205182] Hardware name: Default string Default string/Aptio CRB, BIOS 5.6.5 08/01/2021
[63887.207456] RIP: 0010:nla_get_range_unsigned+0xee/0x100
[63887.209709] Code: 5d 48 8b 50 08 48 8b 00 48 89 56 08 48 89 06 c3 cc cc cc cc 48 c7 c2 ff ff ff ff e9 59 ff ff ff ba ff ff ff ff e9 4f ff ff ff <0f> 0b e9 2b ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 55 0f b6 07
[63887.214115] RSP: 0018:ffffbfa3c434b8c0 EFLAGS: 00010286
[63887.216239] RAX: 0000000000000004 RBX: ffff9c8702a29828 RCX: 000000000000003e
[63887.218316] RDX: 0000000000000000 RSI: ffffbfa3c434b928 RDI: ffffffffc1565b70
[63887.220307] RBP: ffffbfa3c434b8c0 R08: 0000000000000000 R09: ffffbfa3c434b928
[63887.222155] R10: 0000000000000001 R11: ffff9c87002d9840 R12: 0000000000000002
[63887.224029] R13: ffffbfa3c434bb90 R14: 0000000000000000 R15: 0000000000000000
[63887.225865] FS: 00007f1cfbc65800(0000) GS:ffff9c8837e00000(0000) knlGS:0000000000000000
[63887.227779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[63887.229551] CR2: 0000562a5a7c0000 CR3: 0000000108d06000 CR4: 00000000001006f0
[63887.231404] Call Trace:
[63887.233233]
[63887.234979] __nla_validate_parse+0x345/0xc10
[63887.236741] ? crypto_aead_setauthsize+0x2e/0x50
[63887.238445] ? select_task_rq_fair+0x174/0x1270
[63887.240144] __nla_validate_parse+0x411/0xc10
[63887.241812] __nla_parse+0x22/0x30
[63887.243471] genl_family_rcv_msg_attrs_parse.constprop.0+0x8f/0xf0
[63887.245163] genl_family_rcv_msg_doit+0x5f/0x150
[63887.246827] ? _raw_spin_unlock_irqrestore+0x23/0x40
[63887.248495] ? __wake_up_common_lock+0x8a/0xc0
[63887.250114] ? bpf_lsm_capset+0x10/0x10
[63887.251765] genl_rcv_msg+0xdc/0x1e0
[63887.253355] ? ovpn_netlink_get_peer+0x1b0/0x1b0 [ovpn_dco]
[63887.254956] ? genl_get_cmd+0xe0/0xe0
[63887.256573] netlink_rcv_skb+0x51/0x100
[63887.258169] genl_rcv+0x24/0x40
[63887.259764] netlink_unicast+0x23e/0x360
[63887.261355] netlink_sendmsg+0x24e/0x4b0
[63887.262940] sock_sendmsg+0x62/0x70
[63887.264530] ____sys_sendmsg+0x230/0x270
[63887.266117] ? import_iovec+0x2d/0x40
[63887.267707] ? sendmsg_copy_msghdr+0x7d/0xa0
[63887.269300] ___sys_sendmsg+0x81/0xc0
[63887.270882] ? generic_perform_write+0x141/0x200
[63887.272480] ? ext4_buffered_write_iter+0x91/0x110 [ext4]
[63887.274125] ? new_sync_write+0x106/0x190
[63887.275746] __sys_sendmsg+0x59/0xa0
[63887.277340] do_syscall_64+0x3b/0xc0
[63887.278902] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[63887.280458] RIP: 0033:0x7f1cfbb0b443
[63887.281996] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b9 66 2e 0f 1f 84 00 00 00 00 00 90 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 89 54 24 1c 48
[63887.285224] RSP: 002b:00007ffdcf8965b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[63887.286820] RAX: ffffffffffffffda RBX: 0000562a5b0f7b40 RCX: 00007f1cfbb0b443
[63887.288390] RDX: 0000000000000000 RSI: 00007ffdcf8965f0 RDI: 0000000000000005
[63887.289905] RBP: 0000562a5b17c010 R08: 0000562a5b10a188 R09: 0000000000000000
[63887.291370] R10: 0000000000000020 R11: 0000000000000246 R12: 0000562a5b17b840
[63887.292796] R13: 00007ffdcf8965f0 R14: 0000562a5b18ba6c R15: 0000000000000001
[63887.294170]
[63887.295495] ---[ end trace 0000000000000000 ]---
from openvpn.
Thanks for the log! To make sure I understand: did this log appear around the time when the connection dropped? Or you don't know for sure?
from openvpn.
I restarted the client after +-12 hours this message appeared. the connection was ok.
the DCO Driver on server is sending the wrong signal to the client. I configured ping 10 restart 120
2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2022-09-23 10:18:09 Bruno-Casa/2804:14d:5ca0::XXX SIGUSR1[soft,ping-restart] received, client-instance restarting
I think there are other problems, but I'm going to travel and I'll be back in 15 or 20 days
from openvpn.
2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2022-09-23 10:18:09 Bruno-Casa/2804:14d:5ca0::XXX SIGUSR1[soft,ping-restart] received, client-instance restarting
this was very helpful, thanks!
A potential fix for this issue has been sent to the mailing list - however I am waiting for feedback to make sure this is the correct approach.
from openvpn.
2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2022-09-23 10:18:09 Bruno-Casa/2804:14d:5ca0::XXX SIGUSR1[soft,ping-restart] received, client-instance restartingthis was very helpful, thanks! A potential fix for this issue has been sent to the mailing list - however I am waiting for feedback to make sure this is the correct approach.
no need to thank, hugs
from openvpn.
apparently this is just a cosmetic thing, but sending USR1 or TERM in server mode makes no difference in that context. So this is not really an issue
from openvpn.
from openvpn.
Related Issues (20)
- Avoid unlimited reconnects with failing client connections HOT 20
- ifconfig_broadcast environment variable is empty since 2.5 HOT 4
- problem with dns assignment HOT 4
- p2p tun configs break with new topology default in non-obvious ways HOT 8
- OpenVPN with mbed TLS: no warning for unsupported LZO compression — successfully connects without warning but not operable HOT 8
- DNS for remote server not refreshed after power hibernation and restoring HOT 3
- --preresolve is not documented HOT 1
- Installation package download problem HOT 2
- key_state_gen_auth_control_files has subtle logic mistake HOT 2
- The OpenVPN process exits unexpectedly when using the DCO kernel module HOT 13
- tapctl.exe creates an adapter, but fails to rename it HOT 5
- Problems when reconnecting OpenVPN HOT 1
- I'm getting a certificate error when I use OpenVPN to access a website with HSTS turned on.
- The openvpn client suddenly disconnects HOT 3
- VPN stop working HOT 4
- Debian / Ubuntu: OpenVPN apt repositories HOT 2
- Unfair treatment for "Stub" Compression push? HOT 4
- connect error on kali linux HOT 9
- The visited host is unable to obtain the client IP of OpenVPN, only the IP of the OpenVPN server will be obtained HOT 1
- Cannot connect more than one client from behind a NAT firewall HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openvpn.