Devuan bug report logs - #726
openvpn: Fail to connect with verbosity less than 9

Package: openvpn; Reported by: Klaus Ethgen <[email protected]>; dated Mon, 5 Dec 2022 10:46:01 UTC; Maintainer for openvpn is Devuan Developers <[email protected]>.

Message received at [email protected]:


Date: Mon, 5 Dec 2022 18:03:04 +0100
From: Klaus Ethgen <[email protected]>
To: Mark Hindley <[email protected]>, [email protected]
Subject: Re: bug#726: openvpn: Fail to connect with verbosity less than 9


Hi,

On Mon, 5 Dec 2022 at 12:30, Mark Hindley wrote:
> On Mon, Dec 05, 2022 at 11:44:43AM +0100, Klaus Ethgen wrote:
> > Package: openvpn
> > Version: 2.6.0~git20221116-1devuan1
> 
> Firstly, could you verify it still happens with version
> 2.6.0~git20221201-1devuan1 that was just built?

Yes, I will do that; but only next Monday...

Cause it gets more strange. I see that behaviour only in one network,
the one of PHZH. In other networks, the VPN works well. Again, with
-verb 9 it works while with -verb 8 it doesn't. And with my older
device, the VPN is working without problems.

So, a combination of a specific network and a race condition?

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <[email protected]>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


Acknowledgement sent to Klaus Ethgen <[email protected]>:
Extra info received and forwarded to list. Copy sent to Devuan Developers <[email protected]>. Full text available.
Information forwarded to [email protected], Devuan Developers <[email protected]>:
bug#726; Package openvpn. Full text available.

Message received at [email protected]:


Date: Mon, 5 Dec 2022 11:30:49 +0000
From: Mark Hindley <[email protected]>
To: Klaus Ethgen <[email protected]>, [email protected]
Subject: Re: bug#726: openvpn: Fail to connect with verbosity less than 9

Klaus,

On Mon, Dec 05, 2022 at 11:44:43AM +0100, Klaus Ethgen wrote:
> Package: openvpn
> Version: 2.6.0~git20221116-1devuan1

Firstly, could you verify it still happens with version
2.6.0~git20221201-1devuan1 that was just built?

Thanks.

Mark

Information forwarded to [email protected], Devuan Developers <[email protected]>:
bug#726; Package openvpn. Full text available.

Message received at [email protected]:


Date: Mon, 5 Dec 2022 11:44:43 +0100
From: Klaus Ethgen <[email protected]>
Subject: openvpn: Fail to connect with verbosity less than 9
To: Devuan Bug Tracking System <[email protected]>

Package: openvpn
Version: 2.6.0~git20221116-1devuan1
Severity: normal

Dear Maintainer,

I have used openvpn for many years with the same client configuration. But
currently I have a problem that I never had and that looks like a bug
in openvpn.

I bought a new laptop and issued the credentials. Unfortunately, I got 
the messages:

Dec  5 08:31:59 chil ovpn-chil[6603]: DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Dec  5 08:31:59 chil ovpn-chil[6603]: Note: Kernel support for ovpn-dco missing, disabling data channel offload.
Dec  5 08:31:59 chil ovpn-chil[6603]: OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Dec  5 08:31:59 chil ovpn-chil[6603]: library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
Dec  5 08:31:59 chil ovpn-chil[6605]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.9.7.51:1194
Dec  5 08:31:59 chil ovpn-chil[6605]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Dec  5 08:31:59 chil ovpn-chil[6605]: UDPv4 link local: (not bound)
Dec  5 08:31:59 chil ovpn-chil[6605]: UDPv4 link remote: [AF_INET]5.9.7.51:1194
Dec  5 08:31:59 chil ovpn-chil[6605]: TLS: Initial packet from [AF_INET]5.9.7.51:1194, sid=285f6b71 ae378088
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=1, CN=OpenVPN-CA
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY KU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: Validating certificate extended key usage
Dec  5 08:31:59 chil ovpn-chil[6605]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY EKU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=0, CN=tschil
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS handshake failed

As you can see, the connection is working as the certificates are
exchanged but after the EKU verification, I get a timeout.

I have no apparmor or selinux running.

The strangest thing is, when I start openvpn with --verb 9, it works.

So, my guess is, that there is a timing problem as the new laptop is 
pretty new ARM CPU.

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 5 (daedalus/ceres)
Release:	5
Codename:	daedalus ceres
Architecture: x86_64

Kernel: Linux 6.0.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]      1.5.80
ii  libc6                      2.36-6
ii  libcap-ng0                 0.8.3-1+b2
ii  liblz4-1                   1.9.4-1
ii  liblzo2-2                  2.10-2
ii  libnl-3-200                3.7.0-0.2+b1
ii  libnl-genl-3-200           3.7.0-0.2+b1
ii  libpam0g                   1.5.2-5
ii  libpkcs11-helper1          1.29.0-1
ii  libssl3                    3.0.7-1
ii  lsb-base                   11.5
ii  sysvinit-utils [lsb-base]  3.05-6devuan1

Versions of packages openvpn recommends:
pn  easy-rsa  <none>

Versions of packages openvpn suggests:
ii  openssl           3.0.7-1
pn  openvpn-dco-dkms  <none>
pn  resolvconf        <none>

-- debconf information:
   openvpn/create_tun: false

Regards
    Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <[email protected]>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

Acknowledgement sent to Klaus Ethgen <[email protected]>:
New bug report received and forwarded. Copy sent to Devuan Developers <[email protected]>. Full text available.
Report forwarded to [email protected], Devuan Developers <[email protected]>:
bug#726; Package openvpn. Full text available.
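
An added example, not part of the original report or of OpenVPN: a small Python triage of the syslog excerpt above, showing that the server's packets arrived and certificate verification finished before the 60-second stall, which separates this failure from a plain "server unreachable" case. The function name `triage` and the `year` default are assumptions; the sample lines are taken from the report with wrapped lines rejoined.

```python
import re
from datetime import datetime

# Lines copied from the report above (wrapped lines rejoined, trimmed to the relevant ones).
SAMPLE = """\
Dec  5 08:31:59 chil ovpn-chil[6603]: DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Dec  5 08:31:59 chil ovpn-chil[6605]: TLS: Initial packet from [AF_INET]5.9.7.51:1194, sid=285f6b71 ae378088
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=1, CN=OpenVPN-CA
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY EKU OK
Dec  5 08:31:59 chil ovpn-chil[6605]: VERIFY OK: depth=0, CN=tschil
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  5 08:32:59 chil ovpn-chil[6605]: TLS Error: TLS handshake failed
"""

# syslog prefix: "Mon DD HH:MM:SS host tag[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+\[\d+\]: (.*)$")


def triage(log_text, year=2022):
    """Summarise how far the TLS handshake got before it failed.

    syslog timestamps carry no year, so `year` is supplied by the caller.
    """
    result = {"peer_packet_seen": False, "last_verify": None,
              "stall_seconds": None, "handshake_failed": False, "warnings": []}
    last_progress = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp = " ".join(m.group(1).split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("DEPRECATED OPTION"):
            result["warnings"].append(msg)
        elif msg.startswith("TLS: Initial packet from"):
            result["peer_packet_seen"] = True   # server answered: path is not dead
            last_progress = ts
        elif msg.startswith("VERIFY"):
            result["last_verify"] = msg         # last certificate check that passed
            last_progress = ts
        elif msg.startswith("TLS Error: TLS key negotiation failed"):
            result["handshake_failed"] = True
            if last_progress is not None:
                result["stall_seconds"] = (ts - last_progress).total_seconds()
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```
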

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <[email protected]>.
Last modified: Sat, 18 Jan 2025 04:39:02 UTC