Error in server mode about openvpn HOT 10 OPEN

Hi @bmeirellesRJ ! thanks for the report!
The error you are reporting is related to the peer timing out due to no data over the tunnel.

Can you tell us something more about the issue? Does it happen right away? Was the client exchanging data properly before the error happened?

Also, are you using the latest master branch from openvpn2?

from openvpn.

Hi, @ordex !

It's random, sometimes it goes by a few days without problem.

I was exchanging data. It is set to ping 10 restart 120. The client stops sending packets to the server's port 1194 and does not restart.

I am using the package distributed in debian bookworm, it is marked as 2.6.0~git20220818-1

The VPN has few clients, but it is in production. I can't test any time.

in addition to the DCO driver, "float" was activated on the client and server. Maybe the problem is this.

As soon as I test better, I'll give feedback.

Hugs and thank you

from openvpn.

Hey @bmeirellesRJ be careful with bookworm and production as the release is still in testing :)
This said, next time it happens, can you please check the output of dmesg and see if there is any error related to ovpn-dco?

Thanks!

from openvpn.

Hi,

This message appeared today, but I don't know if this is the problem.

I will leave DCO disabled, when the new version of DCO and/or openvpn is released, I will test again

Thank you for your help

[63886.887411] OpenVPN data channel offload (ovpn-dco) 0.0+git20220816 -- (C) 2020-2022 OpenVPN, Inc.
[63887.111581] ovpn_encrypt_one: error while retrieving primary key slot
[63887.175408] ------------[ cut here ]------------
[63887.177640] WARNING: CPU: 0 PID: 14826 at lib/nlattr.c:117 nla_get_range_unsigned+0xee/0x100
[63887.180033] Modules linked in: poly1305_generic libpoly1305 poly1305_x86_64 chacha_generic chacha_x86_64 libchacha chacha20poly1305 ovpn_dco(OE) ip6_udp_tunnel udp_tunnel binfmt_misc nft_redir br_netfilter sch_htb nft_masq nf_log_syslog nft_log nft_nat nft_limit nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 tun nf_tables libcrc32c nfnetlink bridge snd_hdmi_lpe_audio snd_pcm snd_timer snd soundcore 8021q garp intel_rapl_msr stp intel_rapl_common mrp llc hci_uart btqca btrtl intel_soc_dts_thermal intel_soc_dts_iosf i915 intel_powerclamp btbcm btintel bluetooth coretemp kvm_intel jitterentropy_rng kvm sha512_ssse3 irqbypass drm_buddy sha512_generic nls_ascii drm_display_helper mei_hdcp cec intel_chtwc_int33fe nls_cp437 ghash_clmulni_intel iTCO_wdt intel_pmc_bxt rc_core vfat evdev cryptd joydev fat ctr iTCO_vendor_support at24 intel_cstate ttm serio_raw drbg watchdog mei_txe ansi_cprng drm_kms_helper mei efi_pstore pcspkr ecdh_generic ecc pwm_lpss_platform button
[63887.180172] pwm_lpss sg 8812au(OE) cfg80211 rfkill drm fuse configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci xhci_pci libata xhci_hcd crct10dif_pclmul crct10dif_common igb crc32_pclmul crc32c_intel psmouse i2c_algo_bit i2c_i801 usbcore lpc_ich scsi_mod i2c_smbus dca ptp pps_core usb_common scsi_common i2c_hid_acpi i2c_hid hid video
[63887.202912] CPU: 0 PID: 14826 Comm: openvpn Tainted: G W OE 5.19.0-1-amd64 OpenVPN/ovpn-dco#1 Debian 5.19.6-1
[63887.205182] Hardware name: Default string Default string/Aptio CRB, BIOS 5.6.5 08/01/2021
[63887.207456] RIP: 0010:nla_get_range_unsigned+0xee/0x100
[63887.209709] Code: 5d 48 8b 50 08 48 8b 00 48 89 56 08 48 89 06 c3 cc cc cc cc 48 c7 c2 ff ff ff ff e9 59 ff ff ff ba ff ff ff ff e9 4f ff ff ff <0f> 0b e9 2b ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 55 0f b6 07
[63887.214115] RSP: 0018:ffffbfa3c434b8c0 EFLAGS: 00010286
[63887.216239] RAX: 0000000000000004 RBX: ffff9c8702a29828 RCX: 000000000000003e
[63887.218316] RDX: 0000000000000000 RSI: ffffbfa3c434b928 RDI: ffffffffc1565b70
[63887.220307] RBP: ffffbfa3c434b8c0 R08: 0000000000000000 R09: ffffbfa3c434b928
[63887.222155] R10: 0000000000000001 R11: ffff9c87002d9840 R12: 0000000000000002
[63887.224029] R13: ffffbfa3c434bb90 R14: 0000000000000000 R15: 0000000000000000
[63887.225865] FS: 00007f1cfbc65800(0000) GS:ffff9c8837e00000(0000) knlGS:0000000000000000
[63887.227779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[63887.229551] CR2: 0000562a5a7c0000 CR3: 0000000108d06000 CR4: 00000000001006f0
[63887.231404] Call Trace:
[63887.233233]
[63887.234979] __nla_validate_parse+0x345/0xc10
[63887.236741] ? crypto_aead_setauthsize+0x2e/0x50
[63887.238445] ? select_task_rq_fair+0x174/0x1270
[63887.240144] __nla_validate_parse+0x411/0xc10
[63887.241812] __nla_parse+0x22/0x30
[63887.243471] genl_family_rcv_msg_attrs_parse.constprop.0+0x8f/0xf0
[63887.245163] genl_family_rcv_msg_doit+0x5f/0x150
[63887.246827] ? _raw_spin_unlock_irqrestore+0x23/0x40
[63887.248495] ? __wake_up_common_lock+0x8a/0xc0
[63887.250114] ? bpf_lsm_capset+0x10/0x10
[63887.251765] genl_rcv_msg+0xdc/0x1e0
[63887.253355] ? ovpn_netlink_get_peer+0x1b0/0x1b0 [ovpn_dco]
[63887.254956] ? genl_get_cmd+0xe0/0xe0
[63887.256573] netlink_rcv_skb+0x51/0x100
[63887.258169] genl_rcv+0x24/0x40
[63887.259764] netlink_unicast+0x23e/0x360
[63887.261355] netlink_sendmsg+0x24e/0x4b0
[63887.262940] sock_sendmsg+0x62/0x70
[63887.264530] ____sys_sendmsg+0x230/0x270
[63887.266117] ? import_iovec+0x2d/0x40
[63887.267707] ? sendmsg_copy_msghdr+0x7d/0xa0
[63887.269300] ___sys_sendmsg+0x81/0xc0
[63887.270882] ? generic_perform_write+0x141/0x200
[63887.272480] ? ext4_buffered_write_iter+0x91/0x110 [ext4]
[63887.274125] ? new_sync_write+0x106/0x190
[63887.275746] __sys_sendmsg+0x59/0xa0
[63887.277340] do_syscall_64+0x3b/0xc0
[63887.278902] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[63887.280458] RIP: 0033:0x7f1cfbb0b443
[63887.281996] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b9 66 2e 0f 1f 84 00 00 00 00 00 90 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 89 54 24 1c 48
[63887.285224] RSP: 002b:00007ffdcf8965b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[63887.286820] RAX: ffffffffffffffda RBX: 0000562a5b0f7b40 RCX: 00007f1cfbb0b443
[63887.288390] RDX: 0000000000000000 RSI: 00007ffdcf8965f0 RDI: 0000000000000005
[63887.289905] RBP: 0000562a5b17c010 R08: 0000562a5b10a188 R09: 0000000000000000
[63887.291370] R10: 0000000000000020 R11: 0000000000000246 R12: 0000562a5b17b840
[63887.292796] R13: 00007ffdcf8965f0 R14: 0000562a5b18ba6c R15: 0000000000000001
[63887.294170]
[63887.295495] ---[ end trace 0000000000000000 ]---

from openvpn.

Thanks for the log! To make sure I understand: did this log appear around the time when the connection dropped? Or you don't know for sure?

from openvpn.

I restarted the client after +-12 hours this message appeared. the connection was ok.

the DCO Driver on server is sending the wrong signal to the client. I configured ping 10 restart 120

2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2022-09-23 10:18:09 Bruno-Casa/2804:14d:5ca0::XXX SIGUSR1[soft,ping-restart] received, client-instance restarting

I think there are other problems, but I'm going to travel and I'll be back in 15 or 20 days

from openvpn.

2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2022-09-23 10:18:09 Bruno-Casa/2804:14d:5ca0::XXX SIGUSR1[soft,ping-restart] received, client-instance restarting

this was very helpful, thanks!
A potential fix for this issue has been sent to the mailing list - however I am waiting for feedback to make sure this is the correct approach.

from openvpn.

2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2022-09-23 10:18:09 Bruno-Casa/2804:14d:5ca0::XXX SIGUSR1[soft,ping-restart] received, client-instance restarting

this was very helpful, thanks! A potential fix for this issue has been sent to the mailing list - however I am waiting for feedback to make sure this is the correct approach.

no need to thank, hugs

from openvpn.

apparently this is just a cosmetic thing, but sending USR1 or TERM in server mode makes no difference in that context. So this is not really an issue

from openvpn.

from openvpn.