Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #726
openvpn: Fail to connect with verbosity less than 9

version graph

Package: openvpn; Maintainer for openvpn is Devuan Developers <devuan-dev@lists.dyne.org>; Source for openvpn is src:openvpn.

Reported by: Klaus Ethgen <Klaus@Ethgen.ch>

Date: Mon, 5 Dec 2022 10:46:01 UTC

Severity: normal

Found in version 2.6.0~git20221116-1devuan1

Full log

Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

Received: (at submit) by bugs.devuan.org; 5 Dec 2022 10:45:06 +0000
Return-Path: <Klaus@Ethgen.ch>
Delivered-To: bugs@devuan.org
Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Mon, 05 Dec 2022 10:45:06 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id IynMGabLjWNUfQAAmSBk0A
	(envelope-from <Klaus@Ethgen.ch>)
	for <bugs@devuan.org>; Mon, 05 Dec 2022 10:44:54 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 58AB11C67; Mon,  5 Dec 2022 10:44:54 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,SPF_PASS autolearn=ham autolearn_force=no
	version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=5.9.7.51; helo=tschil.ethgen.ch; envelope-from=klaus@ethgen.ch; receiver=<UNKNOWN> 
Received: from tschil.ethgen.ch (tschil.ethgen.ch [5.9.7.51])
	by email.devuan.org (Postfix) with ESMTPS id E55502E4
	for <submit@bugs.devuan.org>; Mon,  5 Dec 2022 10:44:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=Ethgen.ch;
	 s=mail; h=Content-Transfer-Encoding:Content-Type:To:Subject:From:
	MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=wwMgI8tgxecuBGXFW3psl1PeJuckikBXf7/ABsHYrJQ=; b=cG0NJySNLBLTJxFrIb2rYiKJgh
	cpGgA2pjyrDUbtilCQ+hxCb5rvKLecYVh3ZyKMePfBrGrbyMTlfqPlVYlolDjF0OJzKvSZAB0y5kZ
	fTVL7KeGntBqh/rHDfAoPFJEhqf4jJM5/xzrxTwGGg1hVpr+3px32q/1Z30YQWN4q/tzcyXT3DXsu
	wmOJZOamHSQSTf7d7d003pyHmMQtviwfkp8e/ca/1YtNcjL8txdt/Vny0KASEWqKYgxZt8lUiWk+8
	o1e/9l3R2x3a3FTmXsjYaZSDk7d5iKJ8pYbk6PuYvvMrquhDS5QLQa6JCUtplx0pyMMF5lKN5VoaM
	RVhuMjRHdigTXPQMRDEQ0qjC4n1W/wWeYbjP26bMnPoj6VWqsYRJrLQyadOrfAzIhpcvpz4FTRWoB
	3lv+fcVd8syYRbD9C5k/sOJCiSSfiFARx0N5Ue+aSgdLCJYrILYFnCV6Mt0ToiutGFc+A9vc1eyne
	nKSUjnIXFcYReA5syJJF/b/pAyTvNvuHxaKDOPeUHCw4ECzUhjt8i3Q8v+MYjcteehdm0dM/KCPd2
	6FPt2Y6MG9nBZPa75vjC4b1Tq6uY72+ja7/PHDCHYRtzRRohMHQ1btShiO9xWNCozoPqRJ5BrK/OQ
	oJAc858/iCgPCX/vGIoBWUHMpFU0rgbSfxb7O0TB0=;
Received: from [193.5.53.11] (helo=chil)
	by tschil.ethgen.ch with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <Klaus@Ethgen.ch>)
	id 1p28xo-0003to-4b; Mon, 05 Dec 2022 10:44:44 +0000
Received: from localhost ([127.0.0.1])
	by chil with esmtp (Exim 4.96)
	(envelope-from <Klaus@Ethgen.ch>)
	id 1p28xm-0002a4-2k;
	Mon, 05 Dec 2022 11:44:43 +0100
Message-ID: <b63c8d4f-ce02-f2d0-f746-a0d1e3b6fdfe@Ethgen.ch>
Date: Mon, 5 Dec 2022 11:44:43 +0100
MIME-Version: 1.0
From: Klaus Ethgen <Klaus@Ethgen.ch>
Subject: openvpn: Fail to connect with verbosity less than 9
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Package: openvpn
Version: 2.6.0~git20221116-1devuan1
Severity: normal

Dear Maintainer,

I use opnevpn for many years with the same client configuration. But 
currently I have a problem, that I never had and that looks like a bug 
in openvpn.

I bought a new laptop and issued the credentials. Unfortunately, I got 
the messages:

Dec  5 08:31:59 chil ovpn-chil[6603]: DEPRECATED OPTION: --cipher set to 
'BF-CBC' but missing in --data-ciphers 
(AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher 
for cipher negotiations.
Dec  5 08:31:59 chil ovpn-chil[6603]: Note: Kernel support for ovpn-dco 
missing, disabling data channel offload.
Dec  5 08:31:59 chil ovpn-chil[6603]: OpenVPN 2.6_git 
x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] 
[MH/PKTINFO] [AEAD] [DCO]
Dec  5 08:31:59 chil ovpn-chil[6603]: library versions: OpenSSL 3.0.7 1 
Nov 2022, LZO 2.10
Dec  5 08:31:59 chil ovpn-chil[6605]: Outgoing Control Channel 
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: Incoming Control Channel 
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: TCP/UDP: Preserving recently used 
remote address: [AF_INET]5.9.7.51:1194
Dec  5 08:31:59 chil ovpn-chil[6605]: Socket Buffers: R=[212992->212992] 
S=[212992->212992]
Dec  5 08:31:59 chil ovpn-chil[6605]: UDPv4 link local: (not bound)
Dec  5 08:31:59 chil ovpn-chil[6605]: UDPv4 link remote: 
[AF_INET]5.9.7.51:1194
Dec  5 08:31:59 chil ovpn-chil[6605]: TLS: Initial packet from 
[AF_INET]5.9.7.51:1194, sid=285f6b71 ae378088
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=1, CN=OpenVPN-CA
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY KU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: Validating certificate extended 
key usage
Dec  5 08:31:59 chil ovpn-chil[6605]: ++ Certificate has EKU (str) TLS 
Web Server Authentication, expects TLS Web Server Authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY EKU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=0, CN=tschil
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS key negotiation 
failed to occur within 60 seconds (check your network connectivity)
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS handshake failed

As you can see, the connection is working as the certificates are 
exchaned but after the EKU verifikation, I get a timeout.

I have no apparmor or selinux running.

The strangest thing is, when I start openvpn with --verb 9, it work.

So, my guess is, that there is a timing problem as the new laptop is 
pretty new ARM CPU.

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 5 (daedalus/ceres)
Release:	5
Codename:	daedalus ceres
Architecture: x86_64

Kernel: Linux 6.0.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]      1.5.80
ii  libc6                      2.36-6
ii  libcap-ng0                 0.8.3-1+b2
ii  liblz4-1                   1.9.4-1
ii  liblzo2-2                  2.10-2
ii  libnl-3-200                3.7.0-0.2+b1
ii  libnl-genl-3-200           3.7.0-0.2+b1
ii  libpam0g                   1.5.2-5
ii  libpkcs11-helper1          1.29.0-1
ii  libssl3                    3.0.7-1
ii  lsb-base                   11.5
ii  sysvinit-utils [lsb-base]  3.05-6devuan1

Versions of packages openvpn recommends:
pn  easy-rsa  <none>

Versions of packages openvpn suggests:
ii  openssl           3.0.7-1
pn  openvpn-dco-dkms  <none>
pn  resolvconf        <none>

-- debconf information:
  openvpn/create_tun: false
Gruß
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Thu May 2 02:03:43 2024;