Hey folks,

in an environment with 2 openvpn instances (one TCP and one UDP),
previous unattended-upgrades of the openvpn package in Ubuntu 18.04
caused outages, because the UDP-based instance was unable to add
routes to the kernel:


/sbin/ip route add 192.168.20.0/24 via 10.20.30.2
ERROR: Linux route add command failed: external program exited with error status: 2
/sbin/ip route add 10.20.30.0/24 via 10.20.30.2
ERROR: Linux route add command failed: external program exited with error status: 2


iproute2 return code 2 indicates a kernel error.



The openvpn instances downgrade privileges to nogroup/nobody, so the
removal of the routes also fails, but when removing the tun interface,
the routes will vanish anyway.


I'm wondering if somebody has seen issues like this.  Of course the
error comes from the kernel, this could be some race condition due to
two processes inserting routes at the same moment or something, but I
have to find a way to do this reliably.


I'm also wondering about error handling. Failing to add routes means
we have a non-working openvpn instance, but the ip route return code
is only logged; it does not trigger a fatal exit of openvpn itself. So
the parent process/process supervisor cannot possibly be aware of any
problems.



Any advice would be much appreciated.


thanks,
lukas
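
The failure mode raised in the message above (a failed route add is only logged while openvpn keeps running) can be detected from the log text itself. The following is an added example, not part of the original post and not OpenVPN code: it reports which route commands were followed by the quoted error line and returns a non-zero status that a supervisor or health check can act on. The function names are hypothetical, the sample log is constructed from the lines in the post plus made-up entries (172.16.0.0/24, tun0), and it assumes the error line directly follows the failed command, as in the excerpt.

```shell
#!/bin/sh
# Added example (not from the original post, not OpenVPN code).
# Function names are hypothetical.

# Constructed sample log: the two failing commands from the post, plus a
# made-up route (172.16.0.0/24) that succeeds and a made-up link command.
SAMPLE_LOG='/sbin/ip route add 192.168.20.0/24 via 10.20.30.2
ERROR: Linux route add command failed: external program exited with error status: 2
/sbin/ip route add 172.16.0.0/24 via 10.20.30.2
/sbin/ip link set dev tun0 up
/sbin/ip route add 10.20.30.0/24 via 10.20.30.2
ERROR: Linux route add command failed: external program exited with error status: 2'

# Read log text on stdin and print the destination of every route add
# command whose next log line is the route add error.
failed_routes() {
    awk '
        /\/sbin\/ip route add / {
            # Remember the destination, the field right after "add".
            # Scanning fields tolerates a timestamp prefix on the line.
            for (i = 1; i < NF; i++)
                if ($i == "add") { pending = $(i + 1); break }
            next
        }
        /ERROR: Linux route add command failed/ {
            if (pending != "") print pending
            pending = ""
            next
        }
        # Any other line means the remembered command did not fail.
        { pending = "" }
    '
}

# Health check: status 0 if no route add failed in the log on stdin,
# status 1 otherwise, with the failed destinations listed on stderr.
routes_ok() {
    failed=$(failed_routes)
    [ -z "$failed" ] && return 0
    printf 'route add failed for: %s\n' $failed >&2
    return 1
}

# Stand-alone run: list the failed destinations in the sample log.
printf '%s\n' "$SAMPLE_LOG" | failed_routes
```
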

