Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #726
openvpn: Fail to connect with verbosity less than 9

version graph

Package: openvpn; Maintainer for openvpn is Devuan Developers <devuan-dev@lists.dyne.org>; Source for openvpn is src:openvpn.

Reported by: Klaus Ethgen <Klaus@Ethgen.ch>

Date: Mon, 5 Dec 2022 10:46:01 UTC

Severity: normal

Found in version 2.6.0~git20221116-1devuan1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#726; Package openvpn. (Mon, 05 Dec 2022 10:46:01 GMT) (full text, mbox, link).

Acknowledgement sent to Klaus Ethgen <Klaus@Ethgen.ch>:
New bug report received and forwarded. Copy sent to Devuan Developers <devuan-dev@lists.dyne.org>. (Mon, 05 Dec 2022 10:46:08 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

From: Klaus Ethgen <Klaus@Ethgen.ch>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: openvpn: Fail to connect with verbosity less than 9
Date: Mon, 5 Dec 2022 11:44:43 +0100
Package: openvpn
Version: 2.6.0~git20221116-1devuan1
Severity: normal

Dear Maintainer,

I use opnevpn for many years with the same client configuration. But 
currently I have a problem, that I never had and that looks like a bug 
in openvpn.

I bought a new laptop and issued the credentials. Unfortunately, I got 
the messages:

Dec  5 08:31:59 chil ovpn-chil[6603]: DEPRECATED OPTION: --cipher set to 
'BF-CBC' but missing in --data-ciphers 
(AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher 
for cipher negotiations.
Dec  5 08:31:59 chil ovpn-chil[6603]: Note: Kernel support for ovpn-dco 
missing, disabling data channel offload.
Dec  5 08:31:59 chil ovpn-chil[6603]: OpenVPN 2.6_git 
x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] 
[MH/PKTINFO] [AEAD] [DCO]
Dec  5 08:31:59 chil ovpn-chil[6603]: library versions: OpenSSL 3.0.7 1 
Nov 2022, LZO 2.10
Dec  5 08:31:59 chil ovpn-chil[6605]: Outgoing Control Channel 
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: Incoming Control Channel 
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: TCP/UDP: Preserving recently used 
remote address: [AF_INET]5.9.7.51:1194
Dec  5 08:31:59 chil ovpn-chil[6605]: Socket Buffers: R=[212992->212992] 
S=[212992->212992]
Dec  5 08:31:59 chil ovpn-chil[6605]: UDPv4 link local: (not bound)
Dec  5 08:31:59 chil ovpn-chil[6605]: UDPv4 link remote: 
[AF_INET]5.9.7.51:1194
Dec  5 08:31:59 chil ovpn-chil[6605]: TLS: Initial packet from 
[AF_INET]5.9.7.51:1194, sid=285f6b71 ae378088
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=1, CN=OpenVPN-CA
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY KU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: Validating certificate extended 
key usage
Dec  5 08:31:59 chil ovpn-chil[6605]: ++ Certificate has EKU (str) TLS 
Web Server Authentication, expects TLS Web Server Authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY EKU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=0, CN=tschil
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS key negotiation 
failed to occur within 60 seconds (check your network connectivity)
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS handshake failed

As you can see, the connection is working as the certificates are 
exchaned but after the EKU verifikation, I get a timeout.

I have no apparmor or selinux running.

The strangest thing is, when I start openvpn with --verb 9, it work.

So, my guess is, that there is a timing problem as the new laptop is 
pretty new ARM CPU.

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 5 (daedalus/ceres)
Release:	5
Codename:	daedalus ceres
Architecture: x86_64

Kernel: Linux 6.0.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]      1.5.80
ii  libc6                      2.36-6
ii  libcap-ng0                 0.8.3-1+b2
ii  liblz4-1                   1.9.4-1
ii  liblzo2-2                  2.10-2
ii  libnl-3-200                3.7.0-0.2+b1
ii  libnl-genl-3-200           3.7.0-0.2+b1
ii  libpam0g                   1.5.2-5
ii  libpkcs11-helper1          1.29.0-1
ii  libssl3                    3.0.7-1
ii  lsb-base                   11.5
ii  sysvinit-utils [lsb-base]  3.05-6devuan1

Versions of packages openvpn recommends:
pn  easy-rsa  <none>

Versions of packages openvpn suggests:
ii  openssl           3.0.7-1
pn  openvpn-dco-dkms  <none>
pn  resolvconf        <none>

-- debconf information:
  openvpn/create_tun: false
Gruß
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

Information forwarded to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#726; Package openvpn. (Mon, 05 Dec 2022 11:32:01 GMT) (full text, mbox, link).

Message #8 received at 726@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: Klaus Ethgen <Klaus@ethgen.ch>, 726@bugs.devuan.org
Subject: Re: bug#726: openvpn: Fail to connect with verbosity less than 9
Date: Mon, 5 Dec 2022 11:30:49 +0000
Klaus,

On Mon, Dec 05, 2022 at 11:44:43AM +0100, Klaus Ethgen wrote:
> Package: openvpn
> Version: 2.6.0~git20221116-1devuan1

Firstly, could you verify it still happens with version
2.6.0~git20221201-1devuan1 that was just built?

Thanks.

Mark

Information forwarded to devuan-bugs@lists.dyne.org, Devuan Developers <devuan-dev@lists.dyne.org>:
bug#726; Package openvpn. (Mon, 05 Dec 2022 17:06:02 GMT) (full text, mbox, link).

Acknowledgement sent to Klaus Ethgen <Klaus@ethgen.ch>:
Extra info received and forwarded to list. Copy sent to Devuan Developers <devuan-dev@lists.dyne.org>. (Mon, 05 Dec 2022 17:06:08 GMT) (full text, mbox, link).

Message #13 received at 726@bugs.devuan.org (full text, mbox, reply):

From: Klaus Ethgen <Klaus@ethgen.ch>
To: Mark Hindley <mark@hindley.org.uk>, 726@bugs.devuan.org
Subject: Re: bug#726: openvpn: Fail to connect with verbosity less than 9
Date: Mon, 5 Dec 2022 18:03:04 +0100
[Message part 1 (text/plain, inline)]
Hi,

Am Mo den  5. Dez 2022 um 12:30 schrieb Mark Hindley:
> On Mon, Dec 05, 2022 at 11:44:43AM +0100, Klaus Ethgen wrote:
> > Package: openvpn
> > Version: 2.6.0~git20221116-1devuan1
> 
> Firstly, could you verify it still happens with version
> 2.6.0~git20221201-1devuan1 that was just built?

Yes, I will do that; but only next monday...

Cause it gets more strange. I see that behaviour only in one network,
the one of PHZH. In other networks, the VPN works well. Again, with
-verb 9 it works while with -verb 8 it doesn't. And with my older
device, the VPN is working without problems.

So, a combination of a specific network and a race condition?

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri Apr 19 00:32:04 2024;