Package: openvpn
Version: 2.4.7-1
Severity: normal
Dear Maintainer,
My OpenVPN client setup just stopped working, maybe/likely linked to a recent
update of Debian (testing).
The end result is that the openvpn daemon looks happy and gives me the right
syslog messages, yet the interface gets no IP address (and no routes either, of
course):
# ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet6 fe80::e580:a6b8:6f2:dd5 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen
100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 336 (336.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The syslog includes the expected lines such as:
Jan 25 11:12:41 ceviche ovpn-foo[9570]: /sbin/ip addr add dev tun0
NN.MM.OO.PP/24 broadcast NN.MM.OO.255
Jan 25 11:12:41 ceviche ovpn-foo[9570]: /sbin/ip route add HOSTIP1/32 via
NN.MM.OO.1
and if I run these lines by hand, then things go back to working (until the VPN
is restarted, obviously).
So my impression is that the interface is setup correctly but is later "undone"
by some external thing. This impression comes from some suspicious extra
messages mentioning `tun0` that appear a bit further in the log:
Jan 25 11:12:41 ceviche systemd[1]: Unnecessary job for
/sys/subsystem/net/devices/tun0 was removed.
Jan 25 11:12:41 ceviche systemd[1]: Started Netscript ifup for tun0.
[...]
Jan 25 11:12:41 ceviche sh[9617]: Configuring interface: tun0.
Any idea what might be going on, how to track it down, or how to fix it?
This is a Debian testing system that's been following Debian testing for many
years.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.19.0-1-686-pae (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.71
ii iproute2 4.20.0-2
ii libc6 2.28-7
ii liblz4-1 1.8.3-1
ii liblzo2-2 2.10-0.1
ii libpam0g 1.3.1-5
ii libpkcs11-helper1 1.25.1-1
ii libssl1.1 1.1.1a-1
ii libsystemd0 241-1
ii lsb-base 10.2018112800
Versions of packages openvpn recommends:
pn easy-rsa <none>
Versions of packages openvpn suggests:
ii openssl 1.1.1a-1
pn openvpn-systemd-resolved <none>
ii resolvconf 1.79
-- Configuration Files:
/etc/default/openvpn changed [not included]
-- debconf information:
openvpn/vulnerable_prng:
openvpn/create_tun: false
