Bug#867113: marked as done (does not start if link-mtu is too low)

Wed, 01 Aug 2018 01:42:43 -0700 

Your message dated Wed, 01 Aug 2018 08:39:12 +0000
with message-id <[email protected]>
and subject line Bug#867113: fixed in openvpn 2.4.6-1
has caused the Debian Bug report #867113,
regarding does not start if link-mtu is too low
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
867113: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867113
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: openvpn
Version: 2.4.0-6+deb9u1
Severity: important
Tags: ipv6

Hi,

after upgrading my OpenVPN server from jessie to stretch, I found myself
without an OpenVPN server. The log is rather unhelpful, reading:

Jul  3 23:33:11 torres ovpn-server[5730]: do_ifconfig, 
tt->did_ifconfig_ipv6_setup=1
Jul  3 23:33:11 torres ovpn-server[5730]: /sbin/ip link set dev tun0 up mtu 1278
Jul  3 23:33:11 torres ovpn-server[5730]: /sbin/ip addr add dev tun0 
10.8.0.1/24 broadcast 10.8.0.255
Jul  3 23:33:11 torres named[1129]: listening on IPv4 interface tun0, 
10.8.0.1#53
Jul  3 23:33:11 torres ovpn-server[5730]: /sbin/ip -6 addr add 
2a01:238:4071:3202::1/64 dev tun0
Jul  3 23:33:11 torres ovpn-server[5730]: Linux ip -6 addr add failed: external 
program exited with error status: 2
Jul  3 23:33:11 torres ovpn-server[5730]: Exiting due to fatal error
Jul  3 23:33:11 torres named[1129]: no longer listening on 10.8.0.1#53
Jul  3 23:33:11 torres systemd[1]: [email protected]: Main process exited, 
code=exited, status=1/FAILURE
Jul  3 23:33:11 torres systemd[1]: [email protected]: Unit entered failed 
state.
Jul  3 23:33:11 torres systemd[1]: [email protected]: Failed with result 
'exit-code'.

>From an strace, I get more help:

11589 write(2, "RTNETLINK answers: No buffer space available\n", 45) = 45
11589 exit_group(2)                     = ?
11589 +++ exited with 2 +++
11580 <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 2}], 0, NULL) = 
11589
11580 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11589, 
si_uid=0, si_status=2, si_utime=0, si_stime=0} ---
11580 getpid()                          = 11580
11580 sendto(3, "<27>Jul  3 23:25:35 ovpn-server[11580]: Linux ip -6 addr add 
failed: external program exited with error status: 2", 113, MSG_NOSIGNAL, NULL, 
0) = 113
11580 getpid()                          = 11580
11580 sendto(3, "<29>Jul  3 23:25:35 ovpn-server[11580]: Exiting due to fatal 
error", 66, MSG_NOSIGNAL, NULL, 0) = 66
11580 close(3)                          = 0
11580 exit_group(1)                     = ?
11580 +++ exited with 1 +++

(why do I need to scrape this from strace?)

Uncommenting the server-ipv6 stanza from my server.conf makes the server
come up. Since I need IPv6, that's not an option. Both the OpenVPN
versions from stretch and stretch-security are affected.

Downgrading to the OpenVPN from jessie-security fixed the issue for me.

Greetings
Marc

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.8-zgsrv20080 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8), 
LANGUAGE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  init-system-helpers    1.48
ii  iproute2               4.9.0-1
ii  libc6                  2.24-11+deb9u1
ii  liblz4-1               0.0~r131-2+b1
ii  liblzo2-2              2.08-1.2+b2
ii  libpam0g               1.1.8-3.6
ii  libpkcs11-helper1      1.21-1
ii  libssl1.0.2            1.0.2l-2
ii  libsystemd0            232-25
ii  lsb-base               9.20161125

Versions of packages openvpn recommends:
pn  easy-rsa  <none>

Versions of packages openvpn suggests:
ii  openssl     1.1.0f-3
pn  resolvconf  <none>

-- Configuration Files:
/etc/default/openvpn changed:
AUTOSTART="server"
OPTARGS=""
OMIT_SENDSIGS=0


-- debconf information:
openvpn/create_tun: false

-- server.conf:
local 85.214.68.41
port 1194
proto udp
dev tun
ca caconcat.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
server-ipv6 2a01:238:4071:3202::/64
ifconfig-pool-persist ipp.txt
route 10.1.0.0 255.255.0.0
client-config-dir client-config-dir
ccd-exclusive
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
link-mtu 1400
topology subnet
push "topology subnet"

--- End Message ---
--- Begin Message --- 
Source: openvpn
Source-Version: 2.4.6-1

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jörg Frings-Fürst <[email protected]> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Jul 2018 14:08:13 +0200
Source: openvpn
Binary: openvpn
Architecture: source
Version: 2.4.6-1
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Jörg Frings-Fürst <[email protected]>
Description:
 openvpn    - virtual private network daemon
Closes: 807808 867113 883601 895135
Changes:
 openvpn (2.4.6-1) unstable; urgency=medium
 .
   [ Jörg Frings-Fürst ]
   * New upstream release.
     - Refresh patches.
     - Fix "does not start if link-mtu is too low" (Closes: #867113).
     - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601).
   * Migrate to debhelper 11:
     - Change debian/compat to 11.
     - Bump minimum debhelper version in debian/control to >= 11.
   * Declare compliance with Debian Policy 4.1.5 (No changes needed).
   * New debian/patches/spelling_errors.patch to correct spelling errors.
   * New debian/patches/systemd.patch to remove obsolete syslog.target.
   * debian/changelog:
     - Rewrite to DEP5 copyright format.
   * debian/control:
     - Change to my new email address.
     - Remove trailing whitespaces.
   * debian/rules:
     - Remove trailing whitespaces.
     - Replace outdated dh_installsystemd with dh_systemd_start.
     - Remove usr/share/doc/openvpn/COPYING.
     - Replace rm -f with $(RM).
   * debian/update-resolv-conf:
     - Fix "preserve order of pushed parameters" (Closes: #807808).
       Thanks to Thibaut Chèze.
     - Add syslog message if used without binary resolvconf (Closes: #895135).
       Thanks to Roger Price <[email protected]>.
   * debian/watch:
     - Use secure URI.
   * Remove obsolete debian/openvpn.lintian-overrides.
   * New README.source to explain the branching model used.
Checksums-Sha1:
 b51450992fca34c3aab16f057b96b2a5eb66b739 2072 openvpn_2.4.6-1.dsc
 4742492867df31aadc0aeea5c8b4422d1a624e69 943376 openvpn_2.4.6.orig.tar.xz
 bebdf9a8447cc2f43366e32fbac9ec70f59f300f 56328 openvpn_2.4.6-1.debian.tar.xz
 c858f528b8240b8c2b43bfa7ce5e7de82a613e93 7077 openvpn_2.4.6-1_amd64.buildinfo
Checksums-Sha256:
 4743da07a95debf065e46b79a91094c947d6c674367bec24872428397fa90c12 2072 
openvpn_2.4.6-1.dsc
 4f6434fa541cc9e363434ea71a16a62cf2615fb2f16af5b38f43ab5939998c26 943376 
openvpn_2.4.6.orig.tar.xz
 17367944e016f1d944e3fb1a12912c7b4dedf06b285c794341c328eee716924f 56328 
openvpn_2.4.6-1.debian.tar.xz
 9aa86057d8f95c0bc53073ab5df3a97d5302e149928b1e7fbe0a649ca41c443d 7077 
openvpn_2.4.6-1_amd64.buildinfo
Files:
 6849db823e7a6653ac8793d1bd097cfc 2072 net optional openvpn_2.4.6-1.dsc
 3a1f3f63bdaede443b4df49957df9405 943376 net optional openvpn_2.4.6.orig.tar.xz
 25355ce3187b892cb1fd6b518eef59e8 56328 net optional 
openvpn_2.4.6-1.debian.tar.xz
 9d4c7975499094c985b4d634673f07a2 7077 net optional 
openvpn_2.4.6-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlthbNIRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJNEtg//X5bj3wddDaDiy3BkuyvEVA1cBAGqWGkK
9PJ73GcNzcMNee8+YN/GLhZlZj9PfzXqeiRbC2m8Ivx9lG1OVmwe192wN6c/wkup
XCAMmUJO2jFbzc0Xx+gqhipn9Tj9o3EnBDfEDOli/cK8ErmYGFH92JOby9N9ZDWC
3louXa8tF7GMN269ba4jhio9IjvUpCwfqsybJQA/9ou2g2gO2LcNSeGqIbVGGSG7
E/ZDO1UGehyoyb2slrm6Ofv/ikg3Ucc9d0aOSomOwmNPrdpVFIFMQ0aXrwKioRkK
rzU4qeqpaS0FsV0k4Jbk3KqJ3NmAd7/AhgM6BgIrUoUt4ujyBJ1QTbY/K04gvxL7
aL+fr59yQZpfzZi1klO3op4xuAQ6Jtk6f8JWUEdWSmByfKu/GWK4mmP7LByyiExs
WP/fvY8xf3QtKtxiquWkaGktZ4dprMi22cypPA8Hd4w9z31OHnuXUxUxeRxNMOn+
eCFk72s1otDxNaT3bfF30k8tLhX63H/91K8qyv+viloTsg2qfD6hFTLzl4jSgJHU
svmS82lA+Aj5amMsqPtpmtzLR+idVo8YAWYnaztJY6uvNu+pjs2LREqLB/bd84OK
Yd9Cox3EEIB7ysi48QM2RA9fiJv681ocfWZAKz5pRKCN1cF80G1/qIVvbAkc2fCR
3RpPkcjOCUU=
=G3ZU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to