On 13.05.23 at 16:47, Melvin Vermeeren wrote:
Hi Arne,

On Saturday, 13 May 2023 16:28:29 CEST Arne Schwabe wrote:
Can you provide some more detail here? Otherwise this seems a bit
nebulous to me what exactly explodes and goes wrong.

I changed the --keepalive setting on the server, lowering the timeout from 120
to 60 seconds to make things somewhat more responsive. Figured a small push
change like this wouldn't really cause trouble.

This triggered a TUN device close/reopen, which makes sense in hindsight.
Clients are configured to drop privilege with --user and --group after
connecting, so they could not make the change needed.

NOTE: Pulled options changed on restart, will need to close and reopen
TUN/TAP device.
...
ERROR: Cannot ioctl TUNSETIFF tun_vpn: Operation not permitted (errno=1)
Exiting due to fatal error

This is not the only case though, I also had some problems with DCO on a
Debian testing client recently, resulting in failure after network was offline
for quite a while. Official Debian package DCO 0.0+git20230324-1.


Yes, the option we ignore to check if we have to reopen the tun device is quite short. We should probably turn this into a positive list instead of assuming that all options need to trigger a tun reopen/close.

Arne


