Package: openvpn
Version: 2.6.3-1+deb12u3
Severity: normal
Tags: upstream, fixed-upstream, bookworm
Control: notfound -1 2.5.1-3+deb11u1
Control: fixed -1 2.6.14-1

Somewhere between 2.5.1 and 2.6.3 there manifested a bug where a client can lose the connection around session key expiration, which is not detected by the server, which in turn causes a 60-second connection gap until resynchronisation. It seems to be dependent only on the server version.

The effect is that the client may log a large number of

    AEAD Decrypt error: cipher final failed

errors, or in the case of the kernel module:

    ovpn_decrypt_one: error during decryption for peer 0, key-id 0: -74
    ovpn_aead_decrypt: decrypt failed: -74

errors when the server has expired the key, and it stays dead until the server timeout (usually 60 seconds) expires and triggers a resync. From then on everything works fine until the next expiration.

This seems to be fixed in the v2.6.14 server, which is not in stable, nor in the backports. It probably should be.

Thanks!

