On 11/23/2010 09:58 PM, Kurt Roeckx wrote:
notfound 604723 0.9.8g-15+lenny6
found 604723 0.9.8g-15+lenny9
thanks

On Tue, Nov 23, 2010 at 08:58:02PM +0100, Martin Burman wrote:
Package: libssl0.9.8
Version: 0.9.8g-15+lenny6
Severity: important

After applying the latest patches my openvpn tunnel broke down.
Downgrading to cipher 0.9.8g-15+lenny6 (my previous version) brought the tunnel 
up again.
Openvpn did start ok, interface went up, logs stated "connected to peer" but 
the tunnel was non-functional.

I have production state on this tunnel so I lacked the time to investigate 
underlying causes.
If you provide me with your wishes I can do tests under controlled 
circumstances.

Do the logs indicate any kind of error message?

Can you try exactly which version broke things?  Can you for
instance try if 0.9.8g-15+lenny8 still works?

I've tried this with 0.9.8o-3 which has the same patch as
0.9.8g-15+lenny9, and it still works for me.

I can also try this with a lenny based system, but I'm not going
to try this this late in the evening.


Kurt




Hi Kurt,

I just tested with libssl0.9.8_0.9.8g-15+lenny8_i386.deb and it works fine.

Just to be clear: I buy this tunnel as a service from an ISP to obtain a public, fixed IP address. I have no control over the config and I have ignored the WARNING at the bottom of the success log because the openvpn.conf was created by the ISP.

I interpret the warning as: the interface is brought up correctly and the server (my peer) is sending a somewhat misconfigured route.
An error but it indicates a fully established tunnel.


tunnel fail:
Nov 23 19:21:57 decent ovpn-openvpn[2108]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Nov 23 19:21:57 decent ovpn-openvpn[2108]: /usr/sbin/openvpn-vulnkey -q keyfile.key
Nov 23 19:21:58 decent ovpn-openvpn[2108]: WARNING: file 'keyfile.key' is group or others accessible
Nov 23 19:21:58 decent ovpn-openvpn[2108]: LZO compression initialized
Nov 23 19:21:58 decent ovpn-openvpn[2108]: TUN/TAP device tap0 opened
Nov 23 19:21:58 decent ovpn-openvpn[2108]: /sbin/ifconfig tap0 A.B.C.D netmask 255.255.255.0 mtu 1500 broadcast A.B.C.FF
Nov 23 19:21:58 decent ovpn-openvpn[2122]: UDPv4 link local (bound): [undef]:5094
Nov 23 19:21:58 decent ovpn-openvpn[2122]: UDPv4 link remote: E.F.G.H:5094
Nov 23 19:21:58 decent ovpn-openvpn[2122]: Peer Connection Initiated with E.F.G.H:5094
Nov 23 19:21:59 decent ovpn-openvpn[2122]: Initialization Sequence Completed


tunnel success:
Nov 23 20:21:20 decent ovpn-openvpn[2171]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Nov 23 20:21:20 decent ovpn-openvpn[2171]: /usr/sbin/openvpn-vulnkey -q keyfile.key
Nov 23 20:21:21 decent ovpn-openvpn[2171]: WARNING: file 'keyfile.key' is group or others accessible
Nov 23 20:21:21 decent ovpn-openvpn[2171]: LZO compression initialized
Nov 23 20:21:21 decent ovpn-openvpn[2171]: TUN/TAP device tap0 opened
Nov 23 20:21:21 decent ovpn-openvpn[2171]: /sbin/ifconfig tap0 A.B.C.D netmask 255.255.255.0 mtu 1500 broadcast A.B.C.FF
Nov 23 20:21:21 decent ovpn-openvpn[2186]: UDPv4 link local (bound): [undef]:5094
Nov 23 20:21:21 decent ovpn-openvpn[2186]: UDPv4 link remote: E.F.G.H:5094
Nov 23 20:21:22 decent ovpn-openvpn[2186]: Peer Connection Initiated with E.F.G.H:5094
Nov 23 20:21:22 decent ovpn-openvpn[2186]: Initialization Sequence Completed
Nov 23 20:21:31 decent ovpn-openvpn[2186]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig A.B.C.0 255.255.255.0', remote='ifconfig A.B.C.0 255.255.255.128'


Anonymized version of my client config:
dev tap
remote E.F.G.H
float E.F.G.H
port 5094
comp-lzo
ifconfig A.B.C.D 255.255.255.0
route-gateway A.B.C.1
redirect-gateway def1
secret keyfile.key
cipher AES-128-CBC

************************
head -1 keyfile.key
-----BEGIN OpenVPN Static key V1-----


