X-Loop: [email protected] Subject: bug#726: openvpn: Fail to connect with verbosity less than 9 Reply-To: Klaus Ethgen <[email protected]>, [email protected] Resent-From: Klaus Ethgen <[email protected]> Resent-To: [email protected] Resent-CC: Devuan Developers <[email protected]> X-Loop: [email protected] Resent-Date: Mon, 05 Dec 2022 10:46:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: report 726 X-Devuan-PR-Package: openvpn X-Devuan-PR-Keywords: Received: via spool by [email protected] id=B.16702371068236 (code B); Mon, 05 Dec 2022 10:46:01 +0000 Received: (at submit) by bugs.devuan.org; 5 Dec 2022 10:45:06 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 05 Dec 2022 10:45:06 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id IynMGabLjWNUfQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 05 Dec 2022 10:44:54 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 58AB11C67; Mon, 5 Dec 2022 10:44:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, RCVD_IN_DNSWL_MED,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=5.9.7.51; helo=tschil.ethgen.ch; [email protected]; receiver=<UNKNOWN> Received: from tschil.ethgen.ch (tschil.ethgen.ch [5.9.7.51]) by email.devuan.org (Postfix) with ESMTPS id E55502E4 for <[email protected]>; Mon, 5 Dec 2022 10:44:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=Ethgen.ch; s=mail; h=Content-Transfer-Encoding:Content-Type:To:Subject:From: MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=wwMgI8tgxecuBGXFW3psl1PeJuckikBXf7/ABsHYrJQ=; b=cG0NJySNLBLTJxFrIb2rYiKJgh cpGgA2pjyrDUbtilCQ+hxCb5rvKLecYVh3ZyKMePfBrGrbyMTlfqPlVYlolDjF0OJzKvSZAB0y5kZ fTVL7KeGntBqh/rHDfAoPFJEhqf4jJM5/xzrxTwGGg1hVpr+3px32q/1Z30YQWN4q/tzcyXT3DXsu wmOJZOamHSQSTf7d7d003pyHmMQtviwfkp8e/ca/1YtNcjL8txdt/Vny0KASEWqKYgxZt8lUiWk+8 o1e/9l3R2x3a3FTmXsjYaZSDk7d5iKJ8pYbk6PuYvvMrquhDS5QLQa6JCUtplx0pyMMF5lKN5VoaM RVhuMjRHdigTXPQMRDEQ0qjC4n1W/wWeYbjP26bMnPoj6VWqsYRJrLQyadOrfAzIhpcvpz4FTRWoB 3lv+fcVd8syYRbD9C5k/sOJCiSSfiFARx0N5Ue+aSgdLCJYrILYFnCV6Mt0ToiutGFc+A9vc1eyne nKSUjnIXFcYReA5syJJF/b/pAyTvNvuHxaKDOPeUHCw4ECzUhjt8i3Q8v+MYjcteehdm0dM/KCPd2 6FPt2Y6MG9nBZPa75vjC4b1Tq6uY72+ja7/PHDCHYRtzRRohMHQ1btShiO9xWNCozoPqRJ5BrK/OQ oJAc858/iCgPCX/vGIoBWUHMpFU0rgbSfxb7O0TB0=; Received: from [193.5.53.11] (helo=chil) by tschil.ethgen.ch with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <[email protected]>) id 1p28xo-0003to-4b; Mon, 05 Dec 2022 10:44:44 +0000 Received: from localhost ([127.0.0.1]) by chil with esmtp (Exim 4.96) (envelope-from <[email protected]>) id 1p28xm-0002a4-2k; Mon, 05 Dec 2022 11:44:43 +0100 Message-ID: <[email protected]> Date: Mon, 5 Dec 2022 11:44:43 +0100 MIME-Version: 1.0 From: Klaus Ethgen <[email protected]> To: Devuan Bug Tracking System <[email protected]> Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Package: openvpn Version: 2.6.0~git20221116-1devuan1 Severity: normal Dear Maintainer, I use opnevpn for many years with the same client configuration. But currently I have a problem, that I never had and that looks like a bug in openvpn. I bought a new laptop and issued the credentials. Unfortunately, I got the messages: Dec 5 08:31:59 chil ovpn-chil[6603]: DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. Dec 5 08:31:59 chil ovpn-chil[6603]: Note: Kernel support for ovpn-dco missing, disabling data channel offload. Dec 5 08:31:59 chil ovpn-chil[6603]: OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] Dec 5 08:31:59 chil ovpn-chil[6603]: library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10 Dec 5 08:31:59 chil ovpn-chil[6605]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Dec 5 08:31:59 chil ovpn-chil[6605]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Dec 5 08:31:59 chil ovpn-chil[6605]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.9.7.51:1194 Dec 5 08:31:59 chil ovpn-chil[6605]: Socket Buffers: R=[212992->212992] S=[212992->212992] Dec 5 08:31:59 chil ovpn-chil[6605]: UDPv4 link local: (not bound) Dec 5 08:31:59 chil ovpn-chil[6605]: UDPv4 link remote: [AF_INET]5.9.7.51:1194 Dec 5 08:31:59 chil ovpn-chil[6605]: TLS: Initial packet from [AF_INET]5.9.7.51:1194, sid=285f6b71 ae378088 Dec 5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=1, CN=OpenVPN-CA Dec 5 08:31:59 chil ovpn-chil[6605]: VERIFY KU OK Dec 5 08:31:59 chil ovpn-chil[6605]: Validating certificate extended key usage Dec 5 08:31:59 chil ovpn-chil[6605]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Dec 5 08:31:59 chil ovpn-chil[6605]: VERIFY EKU OK Dec 5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=0, CN=tschil Dec 5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Dec 5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS handshake failed As you can see, the connection is working as the certificates are exchaned but after the EKU verifikation, I get a timeout. I have no apparmor or selinux running. The strangest thing is, when I start openvpn with --verb 9, it work. So, my guess is, that there is a timing problem as the new laptop is pretty new ARM CPU. -- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 5 (daedalus/ceres) Release: 5 Codename: daedalus ceres Architecture: x86_64 Kernel: Linux 6.0.0-5-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.80 ii libc6 2.36-6 ii libcap-ng0 0.8.3-1+b2 ii liblz4-1 1.9.4-1 ii liblzo2-2 2.10-2 ii libnl-3-200 3.7.0-0.2+b1 ii libnl-genl-3-200 3.7.0-0.2+b1 ii libpam0g 1.5.2-5 ii libpkcs11-helper1 1.29.0-1 ii libssl3 3.0.7-1 ii lsb-base 11.5 ii sysvinit-utils [lsb-base] 3.05-6devuan1 Versions of packages openvpn recommends: pn easy-rsa <none> Versions of packages openvpn suggests: ii openssl 3.0.7-1 pn openvpn-dco-dkms <none> pn resolvconf <none> -- debconf information: openvpn/create_tun: false Gruß Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: Klaus Ethgen <[email protected]> Subject: bug#726: Acknowledgement (openvpn: Fail to connect with verbosity less than 9) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack 726 X-Devuan-PR-Package: openvpn Reply-To: [email protected] Date: Mon, 05 Dec 2022 10:46:08 +0000 Thank you for filing a new bug report with Devuan. You can follow progress on this bug here: 726: https://bugs.devuan.org/cgi/= bugreport.cgi?bug=3D726. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Devuan Developers <[email protected]> If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 726: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D726 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#726: openvpn: Fail to connect with verbosity less than 9 Reply-To: Mark Hindley <[email protected]>, [email protected] Resent-From: Mark Hindley <[email protected]> Resent-To: [email protected] Resent-CC: Devuan Developers <[email protected]> X-Loop: [email protected] Resent-Date: Mon, 05 Dec 2022 11:32:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 726 X-Devuan-PR-Package: openvpn X-Devuan-PR-Keywords: References: <[email protected]> <[email protected]> Received: via spool by [email protected] id=B726.16702398939233 (code B ref 726); Mon, 05 Dec 2022 11:32:01 +0000 Received: (at 726) by bugs.devuan.org; 5 Dec 2022 11:31:33 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 05 Dec 2022 11:31:33 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id dCGSIXDWjWOCfgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 05 Dec 2022 11:30:56 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 726901C67; Mon, 5 Dec 2022 11:30:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 7405C2E4 for <[email protected]>; Mon, 5 Dec 2022 11:30:51 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1p29gP-0005z9-P6; Mon, 05 Dec 2022 11:30:49 +0000 Received: (nullmailer pid 32621 invoked by uid 1000); Mon, 05 Dec 2022 11:30:49 -0000 Date: Mon, 5 Dec 2022 11:30:49 +0000 From: Mark Hindley <[email protected]> To: Klaus Ethgen <[email protected]>, [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> Klaus, On Mon, Dec 05, 2022 at 11:44:43AM +0100, Klaus Ethgen wrote: > Package: openvpn > Version: 2.6.0~git20221116-1devuan1 Firstly, could you verify it still happens with version 2.6.0~git20221201-1devuan1 that was just built? Thanks. Mark
X-Loop: [email protected] Subject: bug#726: openvpn: Fail to connect with verbosity less than 9 Reply-To: Klaus Ethgen <[email protected]>, [email protected] Resent-From: Klaus Ethgen <[email protected]> Resent-To: [email protected] Resent-CC: Devuan Developers <[email protected]> X-Loop: [email protected] Resent-Date: Mon, 05 Dec 2022 17:06:02 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 726 X-Devuan-PR-Package: openvpn X-Devuan-PR-Keywords: References: <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B726.167025987116065 (code B ref 726); Mon, 05 Dec 2022 17:06:02 +0000 Received: (at 726) by bugs.devuan.org; 5 Dec 2022 17:04:31 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 05 Dec 2022 17:04:31 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id hLEUJE8kjmMsDgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 05 Dec 2022 17:03:11 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 7E3901C67; Mon, 5 Dec 2022 17:03:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, RCVD_IN_DNSWL_MED,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=5.9.7.51; helo=tschil.ethgen.ch; [email protected]; receiver=<UNKNOWN> Received: from tschil.ethgen.ch (tschil.ethgen.ch [5.9.7.51]) by email.devuan.org (Postfix) with ESMTPS id 993E52E4 for <[email protected]>; Mon, 5 Dec 2022 17:03:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ethgen.ch; s=mail; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=8m+vbG6ayk96IqKOLAb7wLMbEBPqZm+Ez0Uuud7ht88=; b=nN5ivOAujbMgmKg8Yl0h4y4PXV MvCtpGD4korHxBtSD/3SyYlc60v25MxzjwSnQX2Wg5EGiHaftfd83qyJgEvY9xwMmmzZr6wR+ZX7K fmXozWIXq/zLhxB2XiihPE0TgJcuPRoP6vguMAOBJMo/Yts3XfP1KSnBvU/YR2DRotfmSv8uGZX6i oRTbm6TP7HA12pONxgo7hX6AY0FyAfvpaboE3qfKK6oU4ub00x3mrBNGt+Mn5uVo7Bqwu9fNfGsrv BQ5WDxrY8WEsh81JpjOzmznEOLgkqAX33+6fi/LZ55d0RfQ+fFNi/FXFLipPU9aYs4WmUyw50p4zZ 6RyXSYfwRblilems32iGH+BhDrex796zKnAduCwOmmkkhxZEk+zhHOuNqn02Tzgte4qZf4IRyOees F9A7YhDwZ26VOp+dCVoms7iU0rjLknHA0phMeEfyKcnmLZr69PSgxx4CBi3veS2pSNoVQ4LsI10Nr Cj0CdiYVWPJSDSqJfjx9/dtHKuA3f8nxakN2QhLa+8AYQ4sQTWPKmtaDM6/KvBkdrHZsaX8wCUpBj FIXd8adOevubKE5zrWqceZgpOaYnXRUlNpAIXy4ga5n2/x30UgjJSEEG5y/NbZh7hM/JZoiNrY9Xf ljCJRxpy2nlDr2PwvxrPxD4XrYdfgabZ9EAghMctQ=; Received: from [192.168.17.4] (helo=ikki.ket) by tschil.ethgen.ch with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <[email protected]>) id 1p2Erx-00063G-0F; Mon, 05 Dec 2022 17:03:05 +0000 Received: from klaus by ikki.ket with local (Exim 4.96) (envelope-from <[email protected]>) id 1p2Erw-000327-2J; Mon, 05 Dec 2022 18:03:04 +0100 Date: Mon, 5 Dec 2022 18:03:04 +0100 From: Klaus Ethgen <[email protected]> To: Mark Hindley <[email protected]>, [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lF86fLV6X9zBKIM/" Content-Disposition: inline In-Reply-To: <[email protected]> OpenPGP: id=79D0B06F4E20AF1C; url=http://www.ethgen.ch/~klaus/79D0B06F4E20AF1C.txt; preference=signencrypt --lF86fLV6X9zBKIM/ Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Hi, Am Mo den 5. Dez 2022 um 12:30 schrieb Mark Hindley: > On Mon, Dec 05, 2022 at 11:44:43AM +0100, Klaus Ethgen wrote: > > Package: openvpn > > Version: 2.6.0~git20221116-1devuan1 > > Firstly, could you verify it still happens with version > 2.6.0~git20221201-1devuan1 that was just built? Yes, I will do that; but only next monday... Cause it gets more strange. I see that behaviour only in one network, the one of PHZH. In other networks, the VPN works well. Again, with -verb 9 it works while with -verb 8 it doesn't. And with my older device, the VPN is working without problems. So, a combination of a specific network and a race condition? Regards Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C --lF86fLV6X9zBKIM/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Charset: ISO-8859-1 iQGzBAABCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAmOOJEgACgkQpnwKsYAZ 9qwnHAv+MS40Q30mcMCFcO0rhB+EC2rfy2pqyC5yVorcBdv1qbnNM9kxzhfy30mq IarODJUye+m7kHthQ2RdndkZX+WL0v3uVM6iLwFJ3aNNbeEac5R/OF+whEN0eQ9l UxTpPg5M3TRyvyi2sz36Q8KgKH4wuI8TWDtVFwQOec82FEswQ5wdyceX1iNJAAQM WESkGY4MH9UmgJQqIRlRxybKy3KtM9duy9U9U1xi7nX2LoqBQLGzjoEKs0nyf599 RBtNoFtoQy5ZZzvxckZ85ouA9Tac9in8k+HeVPZ0g5Tn2hgDneJFHbdN7EeyZM1r Y2bDr5buIHw22a1uAWkeZGfZemiCiJYyuX4X/FmR6w9Y8kTnhFV2M45wDaulQ4aP LfICv4Ps/TrurLTY/ePAyGwACJt0K0M+ZkuZvYxIrcaIMShZoet5q5l6MWCdx7JR AL3/y43mXD8g1R2KHvEUODYEKVXLth9MG5CEKS2Ww5GTps6nfoxqSqyQ/xBpoCOU KNxHBuby =xAQW -----END PGP SIGNATURE----- --lF86fLV6X9zBKIM/--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: Klaus Ethgen <[email protected]> Subject: bug#726: Info received (bug#726: openvpn: Fail to connect with verbosity less than 9) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 726 X-Devuan-PR-Package: openvpn Reply-To: [email protected] Date: Mon, 05 Dec 2022 17:06:08 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Devuan Developers <[email protected]> If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 726: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D726 Devuan Bug Tracking System Contact [email protected] with problems
Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.
Devuan Bugs Owner <[email protected]>.
Last modified:
Sat, 18 Jan 2025 06:39:02 UTC