Bug#486841: openvpn: Failure of learn-address script doesn't behave sensibly
On Wed, Jun 18, 2008 at 10:32:13AM -0400, Andrew Moise wrote: I like that a failure of learn-address prevenst the connection from working, since I depend on learn-address to set up filtering that's needed for some VPN connections to be firewalled properly, but I would prefer if the connection would be closed properly rather than remaining in what looks like an indeterminate (and not immediately straightforward to debug) state. Hi, I agree with you in the 'erratic' behavior, but it's actually documented in the man page: 'if the script returns a failure code (non-zero), OpenVPN will reject the address and will not modify its internal routing table.' I'm tagging it 'upstream' and 'wishlist', and letting upstream decide on it. Thanks, Alberto -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#486841: openvpn: Failure of learn-address script doesn't behave sensibly
Package: openvpn Version: 2.0.9-4etch1 Severity: normal If the learn-address script returns an error, openvpn still leaves the connection open, but no packets are exchanged over it, and I get a lot of messages like the following in my syslog: Jun 16 19:55:24 qix ovpn-server[2486]: areed/71.174.117.46:4759 WARNING: learn-address command failed: shell command exited with error status: 13 Jun 16 19:55:24 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: Learn FAILED: 00:ff:01:bf:d7:f8 - areed/71.174.117.46:4759 Jun 16 19:55:24 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: bad source address from client [00:ff:01:bf:d7:f8], packet dropped Jun 16 19:55:25 qix ovpn-server[2486]: areed/71.174.117.46:4759 WARNING: learn-address command failed: shell command exited with error status: 13 Jun 16 19:55:25 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: Learn FAILED: 00:ff:01:bf:d7:f8 - areed/71.174.117.46:4759 Jun 16 19:55:25 qix ovpn-server[2486]: areed/71.174.117.46:4759 MULTI: bad source address from client [00:ff:01:bf:d7:f8], packet dropped I like that a failure of learn-address prevenst the connection from working, since I depend on learn-address to set up filtering that's needed for some VPN connections to be firewalled properly, but I would prefer if the connection would be closed properly rather than remaining in what looks like an indeterminate (and not immediately straightforward to debug) state. Cheers. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries ii liblzo2-2 2.02-2data compression library ii libssl0.9.80.9.8c-4etch3 SSL shared libraries openvpn recommends no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
