Hi,
Synopsis: When OpenVPN installed by pkg_add is started in an rdomain, it
hangs during initialization.
Category: system user kernel amd64 i386
Environment:
System : OpenBSD 5.8
Details : OpenBSD 5.8 (GENERIC.MP) #1236: Sun Aug 16 02:31:04 MDT 2015
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
Description:
I've configured a routing domain with a few interfaces. I'm trying to start
OpenVPN in it with the following configuration:
--------------- START ------
dev tun8
local <REMOVED>
port 1194
proto udp
mode server
tls-server
daemon <REMOVED>
script-security 1
ca <REMOVED>
cert <REMOVED>
key <REMOVED>
dh <REMOVED>
crl-verify <REMOVED>
topology subnet
ifconfig 172.31.208.1 255.255.240.0
client-config-dir "<REMOVED>"
ccd-exclusive
keepalive 10 120
comp-lzo
user _openvpn
group _openvpn
persist-key
persist-tun
status <REMOVED>
verb 3
writepid <REMOVED>
----- END---
Unfortunately, OpenVPN daemonizes but hangs during initialization.
Normal startup is as follows:
Tue Feb 16 07:50:27 2016 OpenVPN 2.3.7 x86_64-unknown-openbsd5.8 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 8 2015
Tue Feb 16 07:50:27 2016 library versions: LibreSSL 2.2.2, LZO 2.09
Tue Feb 16 07:50:27 2016 Diffie-Hellman initialized with 2048 bit key
Tue Feb 16 07:50:27 2016 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb 16 07:50:27 2016 TUN/TAP device tun8 exists previously, keep at program end
Tue Feb 16 07:50:27 2016 TUN/TAP device /dev/tun8 opened
Tue Feb 16 07:50:27 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
but when starting in a routing domain (route -T3 exec openvpn
/path/to/config/file) it shows only the first two lines. I've been
experiencing this problem for quite a long time; for me it existed on
OpenBSD 5.6 and 5.7 on i386, and exists on 5.8 on i386 and amd64. I tried
to debug this problem on my own some time ago and I got results identical
to those described here:
http://osdir.com/ml/general/2014-02/msg07272.html
When I debugged the problem some time ago I found that it hangs on a read,
expecting to get information about routes from the kernel (I believe). So I
don't know if it is a problem in OpenVPN or in the kernel, as without an
rdomain it works OK. In the problematic rdomain I have a default gateway
(as in the main rdomain), and I'm also using carp, vlan, gre and enc
interfaces (in the main routing domain I have all of these interface types
too).
How-To-Repeat:
Run openvpn in udp server mode with certificate authentication and on
a tun interface in a routing domain (in my case no. 3).
Fix:
No fix, but I found a workaround. I'm running openvpn in the standard
routing domain and redirecting traffic using pf rules.
--
Rafał Ramocki
Systems Administration Department
eo Networks S.A.
tel: 15 822 79 91
e-mail : [email protected]