[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
*** This bug is a duplicate of bug 1598522 ***
    https://bugs.launchpad.net/bugs/1598522

Is there a timeline for this fix? It seems like a pretty simple fix, and it's a bit nerve-racking every time I have to reboot an OpenVPN server :)

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1580356

Title:
  OpenVPN causes reboot failure on Xenial in AWS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1580356/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
Simon, Yes, the instance I used as a test was using DHCP. AWS is a bit odd in that sense since, for all intents and purposes, your instance has a static internal IP address that persists across reboots. However, the instance thinks it's using DHCP. It would be as if you configured DHCP on the OpenVPN server, but configured the LAN's DHCP server to assign only one address to your OpenVPN server.
[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
Greetings, Any status on this? The thread I opened on the openvpn-user mailing list has confirmed as well that this is an issue. See here: http://article.gmane.org/gmane.network.openvpn.user/36909
[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
Simon,

The configuration was more or less the same, just different port numbers. Here they are for documentation purposes. Again, the only differences are the protocol, and the IP pools.

UDP Config:

port 1618
proto udp
dev tun
ca /etc/openvpn/openvpnudp-files/ca.crt
cert /etc/openvpn/openvpnudp-files/server.crt
key /etc/openvpn/openvpnudp-files/server.key
dh /etc/openvpn/openvpnudp-files/dh3072.pem
push "redirect-gateway def1 bypass-dhcp"
server 10.255.248.0 255.255.254.0
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpnudp-files/ipp.txt
keepalive 10 120
comp-lzo yes
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpnudp-files/auth-ldap.conf"
username-as-common-name
cipher AES-256-CBC
topology subnet
log-append /var/log/openvpn.log
tls-auth /etc/openvpn/openvpnudp-files/tls.key 0
key-direction 0
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
crl-verify /etc/openvpn/openvpnudp-files/crl.pem

TCP Config:

port 1618
proto tcp
dev tun
ca /etc/openvpn/openvpntcp-files/ca.crt
cert /etc/openvpn/openvpntcp-files/server.crt
key /etc/openvpn/openvpntcp-files/server.key
dh /etc/openvpn/openvpntcp-files/dh3072.pem
push "redirect-gateway def1 bypass-dhcp"
server 10.255.250.0 255.255.254.0
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpntcp-files/ipp.txt
keepalive 10 120
comp-lzo yes
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpntcp-files/auth-ldap.conf"
username-as-common-name
cipher AES-256-CBC
topology subnet
log-append /var/log/openvpn.log
tls-auth /etc/openvpn/openvpntcp-files/tls.key 0
key-direction 0
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
crl-verify /etc/openvpn/openvpntcp-files/crl.pem
[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
Simon,

The setup I have is running two OpenVPN daemons on the same port (1618) but on different protocols (TCP/UDP). The post that Chris made in the AWS forum above had a much simpler, single virtual interface setup.

root@ip-10-0-0-9:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:cc:43:0f:66:e9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.9/28 brd 10.0.0.15 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4cc:43ff:fe0f:66e9/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.255.248.1/23 brd 10.255.249.255 scope global tun0
       valid_lft forever preferred_lft forever
4: tun1: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.255.250.1/23 brd 10.255.251.255 scope global tun1
       valid_lft forever preferred_lft forever

root@ip-10-0-0-9:~# ip route
default via 10.0.0.1 dev eth0
10.0.0.0/28 dev eth0  proto kernel  scope link  src 10.0.0.9
10.255.248.0/23 dev tun0  proto kernel  scope link  src 10.255.248.1
10.255.250.0/23 dev tun1  proto kernel  scope link  src 10.255.250.1

root@ip-10-0-0-9:~# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1618            0.0.0.0:*               LISTEN      2875/openvpn
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1059/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1059/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           876/dhclient
udp        0      0 0.0.0.0:1618            0.0.0.0:*                           2874/openvpn
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     8782     1/init              /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     20818    2974/systemd        /run/user/1000/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     8864     1/init              /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     8783     1/init              /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     9033     1/init              /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     10909    1/init              /run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     20850    3012/0              /tmp/ssh-zhPNN6x7d9/agent.3012
unix  2      [ ACC ]     STREAM     LISTENING     10899    1/init              /run/snapd.socket
unix  2      [ ACC ]     STREAM     LISTENING     10824    1/init              /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     10891    1/init              /run/uuidd/request
unix  2      [ ACC ]     STREAM     LISTENING     10893    1/init              /var/lib/lxd/unix.socket
unix  2      [ ACC ]     STREAM     LISTENING     13922    1074/iscsid         @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     17650    1/init              /var/run/pcscd/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     8778     1/init              /run/systemd/private
[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
Simon, Also, which commands do you want to see? Just `ip route`?
[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS
Simon, Sure. Would you prefer a GitHub Gist, or can I paste the outputs here directly?