Hi,
On 23/07/14 08:19, arno.oderm...@ch.schindler.com wrote:
Dear both,
thank you for your reply.
Yes, we are using the "--client-connect" and according to 2.3 OpenVPN
manual (see section below) it does create files by writing to "file
named by $1."
Gert, we are sure, there was not a problem with the resources (eg.:
max open files, max filed descriptors, etc.) on the system.
What else can I do about it?
try debugging this by adding some statements to the client-connect
script, e.g.
ls -l /proc/self/fd/* | wc -l >> /tmp/debug.log
sysctl fs.file-nr >> /tmp/debug.log
to find out if there really are no more filehandles available.
For each connection a new client-connect script is started, so I doubt
that any non-closed file handles will accumulate and cause this problem.
HTH,
JJK
--client-connect script
Run script on client connection. The script is passed the common name
and IP address of the just-authenticated client as environmental
variables (see environmental variable section below). The script is
also passed the pathname of a not-yet-created temporary file as $1
(i.e. the first command line argument), to be used by the script to
pass dynamically generated config file directives back to OpenVPN.
If the script wants to generate a dynamic config file to be applied on
the server when the client connects, it should write it to the file
named by $1.
thank you again
Arno
From: Gert Doering <g...@greenie.muc.de>
To: Eric Crist <ecr...@secure-computing.net>,
Cc: arno.oderm...@ch.schindler.com, openvpn-devel@lists.sourceforge.net
Date: 22.07.2014 21:34
Subject: Re: [Openvpn-devel] Openvpn 2.3.2: "Could not create
temporary file" ....Too many open files
------------------------------------------------------------------------
Hi,
On Tue, Jul 22, 2014 at 12:37:19PM -0500, Eric Crist wrote:
> This isn't an OpenVPN problem, directly. It appears you have a
client connect script, or are storing connection information in temp
files. You can increase the maximum allowed open files in Fedora
(you'll have to research that yourself). Alternatively, stop storing
connection data in a temp file for new connections. OpenVPN, by
itself, does not create these temporary files.
Uh, this is not fully correct. If you use --client-connect (or any of
the other up scripts that enable passing of config values back), OpenVPN
will create the temp file to be used for that, to avoid race conditions.
I'm not sure when this was added, but "recentish" (2.2.x)
Now the sema-files do not ring a bell, but we need to check whether we
properly clean up the other files - but that should be visible in "lsof"
while OpenVPN is running and after a few connections have completed.
gert
