Package: openvpn Version: 2.3.4-5 Severity: important Hi, `/etc/init.d/openvpn stop CONF' fails to tear down everything properly from time to time. The most noticeable is the resolv.conf which keeps the nameservers configured for the vpn. The only difference between the working and non-working run is the following in the system log:
Working: Aug 25 21:17:50 tiehlicka ovpn-CONF[15906]: event_wait : Interrupted system call (code=4) Aug 25 21:17:50 tiehlicka ovpn-CONF[15906]: SIGTERM received, sending exit notification to peer Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: TCP/UDP: Closing socket Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip route del 151.155.128.0/17 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip route del 137.65.0.0/16 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip route del 164.99.0.0/16 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip route del 147.2.0.0/16 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip route del 149.44.0.0/16 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip route del 10.0.0.0/8 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: Closing TUN/TAP interface Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /sbin/ip addr del dev tun0 local 10.100.200.69 peer 10.100.200.1 Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: /etc/openvpn/update-resolv-conf tun0 1500 1602 10.100.200.69 10.100.200.1 init Aug 25 21:17:55 tiehlicka ovpn-CONF[15906]: SIGTERM[soft,exit-with-notification] received, process exiting Aug 25 21:17:57 tiehlicka ntpd[3288]: Deleting interface #40 tun0, 10.100.200.69#123, interface stats: received=0, sent=0, dropped=0, active_time=15 secs Non-working: ug 25 21:18:18 tiehlicka ovpn-CONF[16099]: event_wait : Interrupted system call (code=4) Aug 25 21:18:18 tiehlicka ovpn-CONF[16099]: SIGTERM received, sending exit notification to peer Aug 25 21:18:24 tiehlicka ntpd[3288]: Deleting interface #41 tun0, 10.100.200.69#123, interface stats: received=0, sent=0, dropped=0, active_time=8 secs Curiously enough the additional routes have been deleted even in the non-working case regardless the missing entries in the log. I cannot seem to be able to reproduce this reliably but it happens in roughly 1 in 10 cases. It seems like the notification is missed but I haven't debugged it any further. Any hints on where to look would be welcome. Let me know if any further information would be useful. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.2.0-rc7 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.57 ii init-system-helpers 1.23 ii initscripts 2.88dsf-59.2 ii iproute2 4.0.0-1 ii libc6 2.19-19 ii liblzo2-2 2.08-1.2 ii libpam0g 1.1.8-3.1 ii libpkcs11-helper1 1.11-4 ii libssl1.0.0 1.0.2d-1 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-2 Versions of packages openvpn suggests: ii openssl 1.0.2d-1 ii resolvconf 1.77 -- debconf information: openvpn/create_tun: false -- Michal Hocko

