[Linuxtrent] OpenVPN & --persist-tun

  • From: gdo@xxxxxxxxx
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Sat, 06 Jul 2013 11:23:46 +0200

When the --persist-tun directive is used on the client and the parameters are changed on the server, when the connection is re-established the client closes and reopens the "tun" interface but, because of an error (see the log below), the tunnel is not brought back up:

Jul  6 09:33:30 my_client ovpn-1t__[17597]: Attempting to establish TCP connection with 1.2.3.4:1234 [nonblock]
Jul  6 09:33:31 my_client ovpn-1t__[17597]: TCP: connect to 1.2.3.4:1234 failed, will try again in 5 seconds: Connection refused

Connection refused because the service on the server is "down". But then when the server is up ...

Jul  6 09:33:31 my_client ovpn-1t__[17597]: SIGUSR1[soft,init_instance] received, process restarting
Jul  6 09:33:36 my_client ovpn-1t__[17597]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul  6 09:33:36 my_client ovpn-1t__[17597]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul  6 09:33:36 my_client ovpn-1t__[17597]: Re-using SSL/TLS context
Jul  6 09:33:36 my_client ovpn-1t__[17597]: LZO compression initialized
Jul  6 09:33:36 my_client ovpn-1t__[17597]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jul  6 09:33:36 my_client ovpn-1t__[17597]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Jul  6 09:33:36 my_client ovpn-1t__[17597]: Local Options hash (VER=V4): '691a9daa'
Jul  6 09:33:36 my_client ovpn-1t__[17597]: Expected Remote Options hash (VER=V4): 'c0a45fa8'
Jul  6 09:33:36 my_client ovpn-1t__[17597]: Attempting to establish TCP connection with 1.2.3.4:1234 [nonblock]
Jul  6 09:33:37 my_client ovpn-1t__[17597]: TCP connection established with 1.2.3.4:1234
Jul  6 09:33:37 my_client ovpn-1t__[17597]: TCPv4_CLIENT link local: [undef]
Jul  6 09:33:37 my_client ovpn-1t__[17597]: TCPv4_CLIENT link remote: 1.2.3.4:1234
Jul  6 09:33:39 my_client ovpn-1t__[17597]: VERIFY OK: depth=1, /C=IT/ST=TN/L=MyCity/O=My_Server/emailAddress=openvpn@xxxxxxxxxxxxx
Jul  6 09:33:39 my_client ovpn-1t__[17597]: VERIFY OK: depth=0, /C=IT/ST=TN/L=MyCity/O=My_Server/OU=my_service/CN=my_service/emailAddress=openvpn@xxxxxxxxxxxxx
Jul  6 09:33:45 my_client ovpn-1t__[17597]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul  6 09:33:45 my_client ovpn-1t__[17597]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul  6 09:33:45 my_client ovpn-1t__[17597]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul  6 09:33:45 my_client ovpn-1t__[17597]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul  6 09:33:45 my_client ovpn-1t__[17597]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jul  6 09:33:45 my_client ovpn-1t__[17597]: [my_service] Peer Connection Initiated with 1.2.3.4:1234
Jul  6 09:33:47 my_client ovpn-1t__[17597]: Preserving previous TUN/TAP instance: tun1
Jul  6 09:33:47 my_client ovpn-1t__[17597]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.

Here it notices that the parameters have changed.

Jul  6 09:33:47 my_client ovpn-1t__[17597]: ERROR: Linux route delete command failed: external program exited with error status: 7
Jul  6 09:33:47 my_client ovpn-1t__[17597]: ERROR: Linux route delete command failed: external program exited with error status: 7
Jul  6 09:33:47 my_client ovpn-1t__[17597]: Closing TUN/TAP interface
Jul  6 09:33:47 my_client ovpn-1t__[17597]: /sbin/ifconfig tun1 0.0.0.0
Jul  6 09:33:47 my_client ovpn-1t__[17597]: Linux ip addr del failed: external program exited with error status: 255
Jul  6 09:33:48 my_client ovpn-1t__[17597]: Note: Cannot ioctl TUNSETIFF tun1: Operation not permitted (errno=1)
Jul  6 09:33:48 my_client ovpn-1t__[17597]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Jul  6 09:33:48 my_client ovpn-1t__[17597]: Cannot open TUN/TAP dev /dev/tun1: No such file or directory (errno=2)
Jul  6 09:33:48 my_client ovpn-1t__[17597]: Exiting

Here it disables the "tun" interface, which is not restored until after an "/etc/init.d/openvpn restart ..."

Any ideas?

Is this normal / documented ... or could it depend on my particular case?
(Linux kernel  2.6.32-27 Ubuntu i386 lucid)

bye
gdo
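
The failure sequence in the log above can be flagged automatically so that a dead tunnel is noticed before someone has to restart it by hand. The following is an added example, not part of the original message: the function name `scan`, the finding labels and the second process (pid 20001) in the sample are assumptions made for illustration, while the matched message texts are copied from the log in the post.

```python
import re

# Syslog line shape used in the post: "Jul  6 09:33:47 host tag[pid]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+\S+\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")

# Message prefixes copied from the log in the post, in the order they occur there.
CHAIN = (
    "NOTE: Pulled options changed on restart",
    "Cannot open TUN/TAP dev",
    "Exiting",
)
RESET = "Peer Connection Initiated"      # a fresh session restarts the chain
NO_VERIFY = "WARNING: No server certificate verification method"

def scan(lines):
    """Return sorted (pid, finding) tuples for the given syslog lines."""
    stage = {}                           # pid -> number of CHAIN stages seen
    findings = set()
    for raw in lines:
        m = SYSLOG.match(raw.strip())
        if not m:
            continue                     # not a syslog line in the expected shape
        pid, msg = m["pid"], m["msg"]
        if msg.startswith(NO_VERIFY):
            findings.add((pid, "server-cert-not-verified"))
        if RESET in msg:
            stage[pid] = 0
        elif msg.startswith(CHAIN[stage.get(pid, 0)]):
            stage[pid] = stage.get(pid, 0) + 1
            if stage[pid] == len(CHAIN):  # changed options -> reopen failed -> exit
                findings.add((pid, "tunnel-down-after-option-change"))
                stage[pid] = 0
    return sorted(findings)

# Lines for pid 17597 are from the post; pid 20001 is constructed (no failure follows).
SAMPLE = """\
Jul  6 09:33:36 my_client ovpn-1t__[17597]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul  6 09:33:45 my_client ovpn-1t__[17597]: [my_service] Peer Connection Initiated with 1.2.3.4:1234
Jul  6 09:33:47 my_client ovpn-1t__[17597]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jul  6 09:33:47 my_client ovpn-1t__[17597]: Closing TUN/TAP interface
Jul  6 09:33:48 my_client ovpn-1t__[17597]: Cannot open TUN/TAP dev /dev/tun1: No such file or directory (errno=2)
Jul  6 09:33:48 my_client ovpn-1t__[17597]: Exiting
Jul  6 09:40:02 my_client ovpn-2t__[20001]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jul  6 09:40:02 my_client ovpn-2t__[20001]: Closing TUN/TAP interface
""".splitlines()

if __name__ == "__main__":
    for pid, finding in scan(SAMPLE):
        print(pid, finding)
```

The second finding comes from the WARNING line in the same log: the client accepted the server certificate chain without a server-certificate check, which the linked OpenVPN howto treats as a man-in-the-middle exposure.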
