-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: openvpn Version: 2.3.2-4
Hi Alberto, Original bug description at: https://bugs.launchpad.net/bugs/1200519 Restarting a VPN connection sometimes fails due to a race between the connection tear down and the re-execution. Here is a log extract generated by a restart (triggered at 16:15:30): Jul 12 16:15:28 simon ovpn-test[497]: Initialization Sequence Completed Jul 12 16:15:30 simon ovpn-test[497]: event_wait : Interrupted system call (code=4) Jul 12 16:15:30 simon ovpn-test[497]: SIGTERM received, sending exit notification to peer Jul 12 16:15:31 simon ovpn-test[554]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013 ... Jul 12 16:15:31 simon ovpn-test[554]: TCP/UDP: Socket bind failed on local address [undef]: Address already in use Jul 12 16:15:31 simon ovpn-test[554]: Exiting Jul 12 16:15:32 simon ovpn-test[497]: TCP/UDP: Closing socket Jul 12 16:15:32 simon ovpn-test[497]: ERROR: Linux route delete command failed: could not execute external program Jul 12 16:15:32 ovpn-test[497]: last message repeated 2 times Jul 12 16:15:32 simon ovpn-test[497]: Closing TUN/TAP interface Jul 12 16:15:32 simon ovpn-test[497]: /sbin/ifconfig tun-avpn 0.0.0.0 Jul 12 16:15:32 simon ovpn-test[497]: Linux ip addr del failed: could not execute external program Jul 12 16:15:32 simon ovpn-test[497]: SIGTERM[soft,exit-with-notification] received, process exiting This race occurs because the tear down takes longer than the 1 second pause between "stop" and "start" actions. Please find a patch attached that replaces the kill command by start-stop-daemon with the --retry option. The patched was tested by an Ubuntu user and myself (both on Ubuntu). Please let me know what you think about the patch. I've also examine the delta in the initscript from Debian and Ubuntu and don't see any reason why they couldn't be unified. If that is also something you could consider, I'd be please to provide you more patches. Thanks for the excellent maintainer job you are doing! Best regards, Simon Deziel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQJ8BAEBCgBmBQJR4GoLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2QkU4QTNGQThFMjY4Q0JDRjVEOUY3MDlB QzQwNDU0RTQ4MUFCODUxAAoJEKxARU5IGrhRb9MQAMSwh3bMI3/EwWRwqtIzPjRq 4qYYcSOfAURVJJ+BIeonNiFHey91ce54hvQgyZm5Ib68RUw09ICQng0cUs8mWt0E HAx2fhGtk4Scicwqbh0wxLDbgzbkkIa5kAwY5EymmPzHGiOQpXF0JL4Mvk+2pV9P jzAEtyI3i/8TmrgjE/qxu8Py7+p+O7OmS3aA8pXUMp4o5MRpnCBZLT4UEbW2sSQ7 f6gNBPBFwUQfU65tIXwnJ6bi9Ss0ni1t2Y/lfwTwNOcWJAk12iFsCcV6q/4TlkbG PcB6ZWHLyP12m2bZR+neq4r4gPdaO4TQ7fcrUGYAlEF2coKqgOhEtxoM/oc+VRsx LMph0p+rcq1ETaX8LPJUVcKI9SCRGOJkDKpc0oLv+caj/5Niary+B3uhV8pisnDg 4pKwXGg/BeLOReY40Vb0bXDgAhmGyOgmgngd/awK7Gle76GoYqDfFMzgz/cR14Fq 0tnd9v+e+DYgH7dYClkp744dtqkhdy9bgbDZGQHOZbeiPD5rxtEoEydsZ+PLXZe9 shn8B9LBX0Q9EYWZXLUPcN4+Jq9YbaVgbgvmhrzjrmWnW7If2gXhXxO5tFTi0df3 6xyxcOEhmrDi9u7nWrJ4R0YKZjmx8hf6iwm6GabeX3L8UIbmZ5KfVXz87f+qjmoA MyhxGbiF6SKvh5J1jT7x =EoQ3 -----END PGP SIGNATURE-----
--- openvpn-debian.orig 2013-07-12 14:58:29.018020350 -0400
+++ openvpn-debian 2013-07-12 15:01:45.142243855 -0400
@@ -95,10 +95,13 @@
fi
}
stop_vpn () {
- kill `cat $PIDFILE` || true
- rm -f $PIDFILE
- [ "$OMIT_SENDSIGS" -ne 1 ] || rm -f /run/sendsigs.omit.d/openvpn.$NAME.pid
- rm -f /var/run/openvpn.$NAME.status 2> /dev/null
+ start-stop-daemon --stop --quiet --oknodo \
+ --pidfile $PIDFILE --exec $DAEMON --retry 5
+ if [ "$?" -eq 0 ]; then
+ rm -f $PIDFILE
+ [ "$OMIT_SENDSIGS" -ne 1 ] || rm -f /run/sendsigs.omit.d/openvpn.$NAME.pid
+ rm -f /var/run/openvpn.$NAME.status 2> /dev/null
+ fi
}
case "$1" in
@@ -180,7 +183,6 @@
# If openvpn if running under a different user than root we'll need to restart
if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
stop_vpn
- sleep 1
start_vpn
log_progress_msg "(restarted)"
else
@@ -206,7 +208,6 @@
restart)
shift
$0 stop ${@}
- sleep 1
$0 start ${@}
;;
cond-restart)
@@ -215,7 +216,6 @@
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
- sleep 1
start_vpn
done
log_end_msg 0
openvpn-fix-stop-race-debian.patch.sig
Description: Binary data
