Antonio Quartulli <a...@unstable.cc> wrote on Thu, Mar 4, 2021 at 3:48 PM:
> Hi Tony,
>
> On 04/03/2021 03:10, Tony He wrote:
> >
> > Arne Schwabe <a...@rfc2549.org> wrote on Wed, Mar 3, 2021 at 7:56 PM:
> >
> >     On 03.03.21 at 08:46, Tony He wrote:
> >     > Hi Arne,
> >     >
> >     > I encountered segmentation fault in your dco branch. Master branch is
> >     > OK. I reverted the commit "Linux data-channel offload support", but it
> >     > still happens.
> >     > Anything wrong? Can you reproduce?
> >
> >     OpenVPN without any encryption or TLS is not something I tested.
> >     Consider this obscure mode broken as part of being a preview release.
> >
> >
> > So can you reproduce this issue at your side? Did you just test static
> > key? Can you paste your commands or configurations?
>
> What Arne meant is that, given the following message in your log,
>
> ******* WARNING *******: All encryption and authentication features
> disabled -- All data will be tunnelled as clear text and will not be
> protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS
> CONFIGURATION!
>
> it appears that you are testing *without* any form of encryption.
> This special case is untested at the moment.
>

I used a static key and saw the same error.

% sudo /project/openvpn/schwabe/openvpn.git/src/openvpn/openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret static.key
[sudo] password for tony:
2021-03-04 16:20:33 OpenVPN 2.6_git [git:dco/8be9bbd16b2c5e1b] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO] built on Mar 4 2021
2021-03-04 16:20:33 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
2021-03-04 16:20:33 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.6.
2021-03-04 16:20:33 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.6.
2021-03-04 16:20:33 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.6.
2021-03-04 16:20:33 sitnl_send: rtnl: generic error (-17): File exists
2021-03-04 16:20:33 net_iface_mtu_set: mtu 1500 for ovpn-dco1
2021-03-04 16:20:33 net_iface_up: set ovpn-dco1 up
2021-03-04 16:20:33 net_addr_ptp_v4_add: 10.200.0.1 peer 10.200.0.2 dev ovpn-dco1
2021-03-04 16:20:33 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-03-04 16:20:33 UDPv4 link local (bound): [AF_INET][undef]:1194
2021-03-04 16:20:33 UDPv4 link remote: [AF_UNSPEC]
zsh: segmentation fault sudo /project/openvpn/schwabe/openvpn.git/src/openvpn/openvpn --ifconfig

> A classic configuration with CA/certs/keys should work.
> Have you tried that?
>

Yes. I also tried this for a while and did not see this error. However, the dco was not enabled by default. So I asked for Arne's commands or configurations. But I just played with my configurations again and adjusted verb to "5". The log below tells me that I must set "topology subnet" explicitly. Now it finally works.

Note: NOT using '--topology subnet' disables data channel offload.

> Regards,
>
> >
> >     Thanks for the report.
> >
> >     Arne
> >
> >
> >
> > _______________________________________________
> > Openvpn-devel mailing list
> > Openvpn-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> >
>
> --
> Antonio Quartulli
>