Re: [Bug 799448] Re: openvpn hangs system with etoken
Am 19.07.2011 17:17, schrieb Arnaud: I have exactly the same bug on my side, is there any way to avoid it? I've found the reason. Since 0.12 opensc can only have one card reader driver enabled at any time, The default is pcsc. It seems pcsc does not work correctly with the eToken Pro. I did recompile opensc with pcsc disabled and openct enabled for Kubuntu 11.10 and now it works ok. Hope that helps. -- PGP fingerprint: A391 4109 F8D0 F67B C504 1EF6 0158 E3BB 3687 53CF -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/799448 Title: openvpn hangs system with etoken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/799448/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 799448] Re: openvpn hangs system with etoken
Am 19.07.2011 17:17, schrieb Arnaud: I have exactly the same bug on my side, is there any way to avoid it? Not that I know. I've now found that the freezing of the whole system comes from over 900 openvpn processes that I can see in top before the system becomes unresponsive. -- PGP fingerprint: A391 4109 F8D0 F67B C504 1EF6 0158 E3BB 3687 53CF -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/799448 Title: openvpn hangs system with etoken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/799448/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 799448] Re: openvpn hangs system with etoken
Am 21.06.2011 15:20, schrieb Chuck Short: Hi, Thanks for the bug report, I was wondering how I can reproduce this? Do you have an eToken? You need to put a private key and cert on the token. This is now described here: http://openvpn.net/index.php/open-source/documentation/howto.html#pkcs11 When I originally prepared my eToken, I created the PKCS12 file with easy-rsa, initialized the token with pkcs15-init and put the PKCS12 file on the token with pkcs15-init. I'm not sure if the hang is also reproducable with a token without PKCS15 structure on it. It should also be possible to use Aladdins proprietary PKCS11 provider under linux, but I never tried that. I can try some other eTokens with Aladdins file structure and see what happens with opevpn --show-pkcs11-ids in Ubuntu 10.10 and 11.04. (Openvpn worked for me in 10.10) Tell me how I can assist in fixing this bug. Greetings, Michael -- PGP fingerprint: A391 4109 F8D0 F67B C504 1EF6 0158 E3BB 3687 53CF -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/799448 Title: openvpn hangs system with etoken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/799448/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 799448] Re: openvpn hangs system with etoken
Am 21.06.2011 15:20, schrieb Chuck Short: Hi, Thanks for the bug report, I was wondering how I can reproduce this? Another data point I forgot to mention: openvpn in Debian Squeeze works just fine. This is the exact same version as in 11.04: Debian mb@eris:~$ /usr/sbin/openvpn --version OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010 Originally developed by James Yonan Copyright (C) 2002-2010 OpenVPN Technologies, Inc. sa...@openvpn.net -- PGP fingerprint: A391 4109 F8D0 F67B C504 1EF6 0158 E3BB 3687 53CF -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/799448 Title: openvpn hangs system with etoken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/799448/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 799448] [NEW] openvpn hangs system with etoken
Public bug reported: Binary package hint: openvpn When using openvpn with an Aladdin eToken then whole system hangs. I can reproduce this by simply entering openvpn --show-pkcs11-ids /usr/lib/opensc-pkcs11.so as root. This works flawlessly on Ubuntu 10.10 and before. Opensc seems to read the eToken quite fine: root@mb-VirtualBox:/usr/share/doc/openvpn# opensc-tool -l [opensc-tool] reader-pcsc.c:906:pcsc_detect_readers: SCardEstablishContext failed: 0x8010001d [opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found Readers known about: Nr.Driver Name 0 openct Aladdin eToken PRO 1 openct OpenCT reader (detached) root@mb-VirtualBox:/usr/share/doc/openvpn# opensc-tool -n [opensc-tool] reader-pcsc.c:906:pcsc_detect_readers: SCardEstablishContext failed: 0x8010001d [opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found Using reader with a card: Aladdin eToken PRO CardOS M4 And pkcs11-tool can see the certs on the eToken: root@mb-VirtualBox:/usr/share/doc/openvpn# pkcs11-tool -O [opensc-pkcs11] reader-pcsc.c:906:pcsc_detect_readers: SCardEstablishContext failed: 0x8010001d [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found [opensc-pkcs11] reader-pcsc.c:906:pcsc_detect_readers: SCardEstablishContext failed: 0x8010001d [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found Certificate Object, type = X.509 cert label: /C=DE/ST=NA/O=Company/CN=mb/emailAddress=michael.b...@domain.de ID: 45 Public Key Object; RSA 1024 bits label: /C=DE/ST=NA/O=Company/CN=mb/emailAddress=michael.b...@domain.de ID: 45 Usage: encrypt, verify Certificate Object, type = X.509 cert label: /C=DE/ST=NA/L=MUEHLHEIM-KAERLICH/O=Company/CN=VPN-CA/emailAddress=michael.b...@domain.de ID: 00 Public Key Object; RSA 1024 bits label: /C=DE/ST=NA/L=MUEHLHEIM-KAERLICH/O=Company/CN=VPN-CA/emailAddress=michael.b...@domain.de ID: 46 Usage: encrypt, verify ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: openvpn 2.1.3-2ubuntu3 ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2 Uname: Linux 2.6.38-8-generic x86_64 Architecture: amd64 Date: Sun Jun 19 17:22:11 2011 InstallationMedia: Ubuntu 11.04 Natty Narwhal - Release amd64 (20110427.1) ProcEnviron: LANGUAGE=de_DE:en LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: openvpn UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: openvpn (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug natty unity-2d -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/799448 Title: openvpn hangs system with etoken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/799448/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 799448] Re: openvpn hangs system with etoken
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/799448 Title: openvpn hangs system with etoken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/799448/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
