Re: [Openvpn-users] explicit-exit-notify is ignored by previous blocks.

Mon, 28 Aug 2017 00:51:52 -0700 


Am 24.08.2017 um 23:40 schrieb Selva:
>
>
> On Thu, Aug 24, 2017 at 6:23 AM, Eike Lohmann <e.lohm...@ic3s.de
> <mailto:e.lohm...@ic3s.de>> wrote:
>
>
>     Hi,
>
>     with openvpn 2.4.x client and server I get this notice/error in my 
> clientlogs:
>
>     Thu Aug 24 12:15:29 2017 *Option 'explicit-exit-notify' in
>     [PUSH-OPTIONS]:7 **is ignored by previous <connection> blocks* 
>
>
>
>     Thu Aug 24 12:15:29 2017 PUSH: Received control message:
>     'PUSH_REPLY,cipher AES-256-GCM,push-continuation 1'
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: timers and/or timeouts modified
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: explicit notify parm(s) modified
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: --ifconfig/up options modified
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: route options modified
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: route-related options modified
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
>     options modified
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: peer-id set
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: adjusting link_mtu to 1629
>     Thu Aug 24 12:15:29 2017 OPTIONS IMPORT: data channel crypto options 
> modified
>
>     The server pushed:
>
>     "Thu Aug 24 11:55:25 2017 PUSH: Received control message: 'PUSH_REPLY,ping
>     27,ping-restart 60,route-delay 6 6,dhcp-option DOMAIN bla,dhcp-option DNS
>     x.x.x.x,dhcp-option DNS x.x.x.x,explicit-exit-notify 2,route (many
>     routes),ifconfig x.x.x.x x.x.x.x,peer-id 0,push-continuation 2'"
>
>     The clientconfig don't use <connection> blocks, it has just one remote and
>     this remote is a round robin dns.
>     No change in the behavior with set or unset "explicit-exit-notify 2" in
>     the clientconfig.
>
>
>
> What do you mean by "no change in behaviour"? If you add "explicit-exit-notify
> 2" in the client config, the client should send two notifies before
> disconnecting (for udp only). Please show the logs if it doesn't.
Sorry I mean the client logmessage behavior.
I have tested it and the server get a "SIGTERM[soft,remote-exit] received,
client-instance exiting" right in that moment where the clients disconnects.

So it works! But not in not existing previous connection blocks. :)

Thanks for your reply, regards Eike


>
> IIRC, even if a single remote is in use, internally it gets converted to a
> connection list entry so a pushed 'explicit-exit-notify' is unlikely to work.
>
>
>     Any Ideas how to solve this?
>
>
> Add the directive to the config.
>
> Selva


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to