[Bug 627973] Re: Assertion failed at socket.c:629
** Changed in: openvpn (Debian) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/627973 Title: Assertion failed at socket.c:629 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
** Branch linked: lp:ubuntu/openvpn -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
** Changed in: openvpn (Ubuntu) Status: Triaged = In Progress -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
** Changed in: openvpn (Ubuntu) Status: In Progress = Fix Committed -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
This bug was fixed in the package openvpn - 2.1.3-1ubuntu2 --- openvpn (2.1.3-1ubuntu2) natty; urgency=low * Fix jjo-ipv6-support.patch to avoid assertion failure at socket.c:629 in corner cases where ! host addr (LP: #627973) -- Thierry Carrez (ttx) thierry.car...@ubuntu.com Wed, 20 Oct 2010 16:22:25 +0200 ** Changed in: openvpn (Ubuntu) Status: Fix Committed = Fix Released -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
** Changed in: openvpn (Debian) Status: Unknown = New -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
UPDATE: I did some more testing on this. I found out that the TLS HMAC errors were the fault of an update to Viscosity (Mac OSX OpenVPN client). The program was incorrectly passing '0' for the direction of the ta.key file on the clients. So the good news is that the package in your PPA fixes this issue completely. The TLS HMAC issue was unrelated. -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Ah! That's good news indeed. I'll push the fix in SRU once the Maverick release heat calms down. ** Changed in: openvpn (Ubuntu) Status: Confirmed = Triaged ** Changed in: openvpn (Ubuntu) Assignee: (unassigned) = Thierry Carrez (ttx) -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
I tested the AMD64 build on Lucid today. It fixes the socket assertion failure but still features a regression relative to upstream. With the build from you PPA and the config file I provided I get the following in syslog: TLS: Initial packet from [AF_INET]192.5.38.152:49308, sid=713f6ed1 b48b32c4 Authenticate/Decrypt packet error: packet HMAC authentication failed TLS Error: incoming packet authentication failed from [AF_INET]192.5.38.152:49308 Fatal TLS error (check_tls_errors_co), restarting OpenVPN started by inetd/xinetd cannot restart... Exiting. - To fix it I had to comment out the tls-auth lines in my client and server configuration files. For example I commented this out in my server configuration file: # tls-auth /etc/openvpn/ta.key 0 # This file is secret After doing that it works like upstream, except I am not getting the PSK protection of the TLS negotiation. So its still not working right but at least it no longer produces the socket assertion message. -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Hmm, so the problem still lies in the ipv6 support patch from debian, but is not fixed by fixing the host addr code flow. Probably your use case (usage through xinetd) hits code that triggered the assertion (host or addr is null) but will also trigger further failure... -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
I think that's the same issue as the debian bug mentioned above, and is probably an incompatibility between using inetd to spawn openvpn and the ipv6 patch from Debian. In openvpn 2.0, Server Mode can be used to serve multiple clients from a single port (with scalability in mind, so all client connections are routed through a single tun or tap interface). Have you considered switching your inetd-based setup to that model ? ** Changed in: openvpn (Ubuntu) Status: In Progress = Confirmed ** Changed in: openvpn (Ubuntu) Assignee: Thierry Carrez (ttx) = (unassigned) -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Cant't do it. I need multiple clients through one port and each needs their own tap device. We use broadcast/multi-cast and stuff like wireshark. So the scalable tun approach is not for us. Basically everyone needs their own unique MAC address. -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Test packages have been uploaded to my PPA (for Lucid and Maverick) at [1]... They will build in the next hours. If those fix it, then it's an easy fix and I can push it to lucid and maverick. If not, then I'm a bit more clueless as to what happens here... Yes, I'm a Canonical employee, but I'm helping you as an Ubuntu Server core developer... My pleasure to help, and your thanks are enough as a reward :) ** Changed in: openvpn (Ubuntu) Importance: High = Medium -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
[1] https://launchpad.net/~ttx/+archive/ppa -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
The IPv6 patch has a case where it would hit that ASSERT if ! (host addr) -- while the upstream code would just pass without triggering any error. I'll prepare a package for you to test in a few, maybe it's just that corner case. ** Changed in: openvpn (Ubuntu) Status: Confirmed = In Progress -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Ok I would be happy to test. Not sure if its an issue but that system is now running Maverick and no longer runs Lucid. So any test won't be apples to apples. -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
I suppose you reproduce the issue in maverick, so I'll build packages for Maverick. Package will build @ https://launchpad.net/~ttx/+archive/ppa -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Arh, this needs a bit more work -- more tomorrow :) -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
No worries. I cobbled together a Lucid system to test this so no need to worry about Maverick anymore. I just wanted to thank you for the prompt attention you have shown this bug. Are you a Canonical employee? If so is there anyway I can provide feedback to let your employer know how pleased I am with the service you have provided? I like to make sure hard work is rewarded whenever I can. Cheers -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Could you attach your openvpn configuration ? In particular, I'm interested in seeing if you use mode p2p. ** Changed in: openvpn (Ubuntu) Status: Confirmed = Incomplete -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Not using p2p mode. Here is my server config file script-security 3 inetd nowait proto tcp-server tls-server dev tap up /etc/openvpn/per-user-up.sh down /etc/openvpn/per-user-down.sh ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key # This file should be kept secret dh /etc/openvpn/dh2048.pem keepalive 10 120 tls-auth /etc/openvpn/ta.key 0 # This file is secret cipher AES-128-CBC # AES comp-lzo user nobody group nogroup verb 4 -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
There is no specific mode set (and server is not specified), so it uses p2p mode by default. I'll have a deeper look into this. ** Changed in: openvpn (Ubuntu) Status: Incomplete = Confirmed ** Changed in: openvpn (Ubuntu) Assignee: (unassigned) = Thierry Carrez (ttx) ** Also affects: openvpn (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574164 Importance: Unknown Status: Unknown -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
Here are my related config files. Hopefully these will help as well.
per-user-up.sh
#!/bin/bash
#
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#
# Define Bridge Interface
br=bridge0
#NOTE $1 contains the tap interface name
brctl addif $br $1
ifconfig $1 mtu $2 promisc up
--
per-user-down.sh
--
#!/bin/bash
#
# Tear down Ethernet bridge on Linux
# Requires: bridge-utils
#
# Define Bridge Interface
br=bridge0
# NOTE #1 contains the tap devce name
brctl delif $br $1
ifconfig $1 down
openvpn --rmtun --dev $1
-
/etc/xinet.d/openvpn
service echo
{
disable = no
type= UNLISTED
port= 1194
socket_type = stream
protocol= tcp
user= root
wait= no
server = /usr/sbin/openvpn
server_args = --config /etc/openvpn/tcp-tap.conf.backup
}
-
The funny name for the server_args value is to prevent the SYSVINIT scripts
from trying to start a server that should only be started by xinet.d.
I have a bridge created in my /etc/networking/interfaces file called
bridge0
--
Assertion failed at socket.c:629
https://bugs.launchpad.net/bugs/627973
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
** Attachment added: Dependencies.txt https://bugs.launchpad.net/bugs/627973/+attachment/1534064/+files/Dependencies.txt -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 627973] Re: Assertion failed at socket.c:629
This is probably an issue with the debian ipv6 support patch (jjo-ipv6-support.patch). Might be the same as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574164 ** Bug watch added: Debian Bug tracker #574164 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574164 ** Changed in: openvpn (Ubuntu) Importance: Undecided = High ** Changed in: openvpn (Ubuntu) Status: New = Confirmed -- Assertion failed at socket.c:629 https://bugs.launchpad.net/bugs/627973 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
