Hi everyone,
I have stumble upon an issue where on some clients if I enable the VPN all
traffic that needs SSL ( https, for instance) is unreachable. Sometimes I
can get to it a few times, but most of the time the request just hangs
there.
There is no IP conflict issue, other systems connected to the server are
able to reach https websites without any issue.
I have other clients connected to the server and this is the second time I
see this behavior. It started sometime (a few weeks) after install/setup.
*Client version*
OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4]
[EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
library versions: OpenSSL 1.0.2r 26 Feb 2019, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sa...@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no
enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes
enable_def_auth=yes enable_dependency_tracking=no enabl
e_dlopen=unknown enable_dlopen_self=unknown
enable_dlopen_self_static=unknown enable_fast_install=yes
enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes
enable_lz4=ye
s enable_lzo=yes enable_maintainer_mode=no enable_management=yes
enable_multi=yes enable_multihome=yes enable_pam_dlopen=no
enable_password_save=yes enable_pedantic=no enable_pf=y
es enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes
enable_plugins=yes enable_port_share=yes enable_selinux=no
enable_server=yes enable_shared=yes enable_s
hared_with_static_runtimes=no enable_silent_rules=no enable_small=no
enable_static=yes enable_strict=no enable_strict_options=no
enable_systemd=yes enable_werror=no enable_win32_d
ll=yes enable_x509_alt_username=yes with_crypto_library=openssl
with_gnu_ld=yes with_mem_check=no with_plugindir='${prefix}/lib/openvpn'
with_sysroot=no
*Client config*
dev-type tun
proto udp
port 1194
remote remote.vpn.net 1194
dev tun-vpn
user root
group root
persist-key
persist-tun
verb 3
ca /etc/openvpn/client.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
tls-auth /etc/openvpn/tls.key
redirect-gateway def1
key-direction 1
pull
tls-client
resolv-retry infinite
nobind
*It just hangs here, after connect*
$ openssl s_client -connect google.com:443
CONNECTED(00000003)
the strace reports:
....
close(4) = 0
brk(0x1b1b000) = 0x1b1b000
getpid() = 7490
write(3,
"\26\3\1\2\0\1\0\1\374\3\3\304\206\232N\361\276\311\231\223\377\265\332p\16=P\237\365Z\317\340"...,
517) = 517
read(3, 0x1afa4b0, 7) = -1 EAGAIN (Resource temporarily
unavailable)
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76cee6b0}, NULL, 8) = 0
poll([{fd=3, events=POLLIN}], 1, 52) = 0 (Timeout)
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76cee6b0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76cee6b0}, NULL, 8) = 0
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0
(Timeout)
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76cee6b0}, NULL, 8) = 0
poll([{fd=3, events=POLLIN}], 1, 1) = 0 (Timeout)
Can anyone point to how to debug this?
The other system eventually sort itself out and I thought it might be
because there was a pkg upgrade available, but I've already tried that and
no luck...
--
Duarte Rocha <duarte.ro...@gmail.com>
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
