Closed knitdv closed 7 months ago
This is a duplicate of #18 and therefore I will close it. This said, the list of steps you report is fairly straightforward, but I cannot reproduce the same issue when following it. Can you tell us a bit more about your setup? Where are the server and client running? How are they connected?
I have had this problem for a long time. I made a test bench on Ubuntu where DCO with Docker containers is installed. I can upload docker-compose to build the project.
I run everything on one virtual machine for ease of testing; I'm tired of making different machines for the client and server. Configuration example:
server.conf

```
port 1100
proto tcp-server
dev tun_server
mode server
topology subnet
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # keep secret
dh /etc/openvpn/keys/dh.pem
tls-auth /etc/openvpn/keys/ta.key 0
client-config-dir ccd/
topology subnet
server 172.40.1.0 255.255.255.248 # internal tun0 connection IP
push "route 192.168.4.0 255.255.255.0"
route 10.0.1.0 255.255.255.0 172.40.1.2
#sndbuf 524288
#rcvbuf 524288
#push "sndbuf 524288"
#push "rcvbuf 524288"
keepalive 10 20
auth-nocache
cipher ChaCha20-Poly1305
data-ciphers ChaCha20-Poly1305
allow-compression no
persist-key
#persist-tun
status srv_status.log
log-append srv_server.log
verb 3 # verbose mode
```

ccd/client

```
ifconfig-push 172.40.1.2 255.255.255.248
iroute 10.0.1.0 255.255.255.0
```

client.conf

```
client
dev-type tun
dev tun_client
proto tcp-client
remote openvpn-server 1100 # [VPN server IP] [PORT]#nobind
tls-client
persist-key
persist-tun
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
tls-auth keys/ta.key 1
dh keys/dh.pem
remote-cert-tls server
auth-nocache
cipher ChaCha20-Poly1305
data-ciphers ChaCha20-Poly1305
allow-compression no
mute-replay-warnings
ping-restart 60
verb 3
status status.log
log-append client.log
```
I also test using namespaces on a single host (basically the same that docker does) as it makes things easier and faster to set up :)
This is probably some race condition triggered by a combination of various things. I wonder if anything has changed lately which makes this easier to spot.
Will run a few more tests on my own today and tomorrow to see what happens.
Correction. I changed the settings to UDP, there is no such problem as described in the logs now. So the problem is only in the TCP config.
Oh, interesting! Will focus on TCP then
I will upload my project to GitHub and give a link for tests.
The master branch contains what we believe to be a fix for this issue. Would you be able to give it a try?
A user in #18 confirmed that the fix is working as expected. However, before closing this duplicate issue, I'd like to give @knitdv a chance to confirm the fix is working for him too.
I can't install the new DCO version:
```
apt install openvpn-dco-dkms
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
openvpn-dco-dkms is already the newest version (0.2.20231010-bullseye0).
The following packages were automatically installed and are no longer required:
  libnvidia-rtcore libnvidia-wayland-client
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 23 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up openvpn-dco-dkms (0.2.20231010-bullseye0) ...
Removing old ovpn-dco-0.2.20231010 DKMS files...

------------------------------
Deleting module version: 0.2.20231010
completely from the DKMS tree.
------------------------------
Done.
Loading new ovpn-dco-0.2.20231010 DKMS files...
Building for 5.10.0-25-amd64
Building initial module for 5.10.0-25-amd64
Error! Bad return status for module build on kernel: 5.10.0-25-amd64 (x86_64)
Consult /var/lib/dkms/ovpn-dco/0.2.20231010/build/make.log for more information.
dpkg: error processing package openvpn-dco-dkms (--configure):
 installed openvpn-dco-dkms package post-installation script subprocess returned error exit status 10
Errors were encountered while processing:
 openvpn-dco-dkms
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
```

```dockerfile
RUN apt-get update && \
    apt-get install -y \
    openvpn=2.6.6-bullseye0 \
    openvpn-dco-dkms

RUN apt-get install -y \
    iptables

# initialize dco

RUN modprobe ovpn-dco-v2

RUN apt-get install -y \
    easy-rsa
```
cat /var/lib/dkms/ovpn-dco/0.2.20231010/build/make.log:

```
DKMS make.log for ovpn-dco-0.2.20231010 for kernel 5.10.0-25-amd64 (x86_64)
Thu 09 Nov 2023 03:43:02 PM +10
/var/lib/dkms/ovpn-dco/0.2.20231010/build/gen-compat-autoconf.sh /var/lib/dkms/ovpn-dco/0.2.20231010/build/compat-autoconf.h
make -C /lib/modules/5.10.0-25-amd64/build M=/var/lib/dkms/ovpn-dco/0.2.20231010/build PWD=/var/lib/dkms/ovpn-dco/0.2.20231010/build REVISION=0.2.20231010 CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/usr/src/linux-headers-5.10.0-25-amd64'
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/main.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/bind.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/crypto.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/ovpn.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/peer.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/sock.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/stats.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/netlink.o
/var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/ovpn.c:25:10: fatal error: net/gso.h: No such file or directory
   25 | #include <net/gso.h>
      |          ^~~~~~~~~~~
compilation terminated.
make[4]: *** [/usr/src/linux-headers-5.10.0-25-common/scripts/Makefile.build:291: /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/ovpn.o] Error 1
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [/usr/src/linux-headers-5.10.0-25-common/scripts/Makefile.build:508: /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco] Error 2
make[2]: *** [/usr/src/linux-headers-5.10.0-25-common/Makefile:1856: /var/lib/dkms/ovpn-dco/0.2.20231010/build] Error 2
make[1]: *** [/usr/src/linux-headers-5.10.0-25-common/Makefile:192: __sub-make] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-5.10.0-25-amd64'
make: *** [Makefile:59: all] Error 2
```
What distro is that? Something is off with the compatibility layer for older kernels. However, in order to get the fix you should compile ovpn-dco from git, because the fix is not part of any package yet.
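A way to triage the `net/gso.h` build failure from the make.log above, as an added example that is not part of this thread or of the ovpn-dco project: it pulls the headers the compiler could not find out of a DKMS make.log and checks whether the kernel header trees ship them. The function names are hypothetical, the sample log is constructed from lines quoted in this thread, and the two header paths are the ones that appear in that log.

```shell
#!/bin/sh
# Added example: triage "No such file or directory" header errors in a DKMS make.log.

# Constructed sample: failing lines taken from the make.log quoted in this thread.
sample_log() {
cat <<'EOF'
make[1]: Entering directory '/usr/src/linux-headers-5.10.0-25-amd64'
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/ovpn.o
/var/lib/dkms/ovpn-dco/0.2.20231010/build/drivers/net/ovpn-dco/ovpn.c:25:10: fatal error: net/gso.h: No such file or directory
   25 | #include <net/gso.h>
compilation terminated.
EOF
}

# Read a make.log on stdin; print each header the compiler could not find,
# one per line, de-duplicated.
missing_headers() {
    sed -n 's/.*fatal error: \([^:]*\): No such file or directory.*/\1/p' | sort -u
}

# check_headers DIR...: read a make.log on stdin and, for every missing header,
# report whether any DIR/include provides it. Returns 1 if at least one header
# is absent from every tree given.
check_headers() {
    rc=0
    for hdr in $(missing_headers); do
        found=""
        for dir in "$@"; do
            if [ -f "$dir/include/$hdr" ]; then
                found="$dir"
                break
            fi
        done
        if [ -n "$found" ]; then
            echo "$hdr: present in $found (look at include paths or build config)"
        else
            # Absent from a complete header tree: the module source expects a
            # header this kernel does not ship, so the compat handling is suspect.
            echo "$hdr: absent from all given header trees"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample, using the header trees named in the thread's log.
sample_log | check_headers /usr/src/linux-headers-5.10.0-25-amd64 \
    /usr/src/linux-headers-5.10.0-25-common || true
```

On a real system, feed it the log directly: `check_headers DIR... < /var/lib/dkms/ovpn-dco/0.2.20231010/build/make.log`.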
Debian 11.7. OK, I'll compile from git.
After my tests, the DCO module works without failures.
Great! Thanks a lot for your feedback!
Describe the bug
DCO interface error after restarting the openvpn service or restarting the server.
Version information:
To Reproduce
Logs
Error when restarting the server, which lasts indefinitely.
![image](https://github.com/OpenVPN/openvpn/assets/120610336/818e506d-a757-45c2-99d4-00fe0dd5e193)