----- Original Message ----- From: "Gert Doering" <g...@greenie.muc.de> To: "Selva Nair" <selva.n...@gmail.com> Cc: <openvpn-users@lists.sourceforge.net> Sent: Wednesday, October 21, 2015 7:50 PM Subject: Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp
>> Why? Because of this line in the config: >> >> persist-remote-ip >> That will keep trying X:1194 only with whatever protocol is defined >> before >> those lines (or udp by default), if persist-remote-ip is also specified. >> This is an unfortunate side-effect of that option. > Ouch. > Could you re-test whether this is still true with git master, please? I think we may have a problem Houston: # openvpn --version OpenVPN 2.3_git [git:master/e8a9e3203bf00605] i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Oct 21 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09 Originally developed by James Yonan Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@openvpn.net> Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no CLIENT CONFIG RELEVANT: persist-remote-ip <connection> remote ME port 80 # gitmaster spews these errors out correctely # proto tcp wait 10 # proto tcp .. and other options are not parsed .. are with git proto tcp </connection> <connection> remote Also ME .. AKA ME2 port 1194 # gitmaster spews these errors out correctely # proto udp wait 10 # proto udp .. and other options are not parsed .. are with git proto udp </connection> LOG From FULL START not RESTART(watch out): Wed Oct 21 20:50:51 2015 us=308743 Current Parameter Settings: <..> Wed Oct 21 20:50:51 2015 us=328362 OpenVPN 2.3_git [git:master/e8a9e3203bf00605] i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Oct 21 2015 Wed Oct 21 20:50:51 2015 us=328589 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09 <..> Wed Oct 21 20:50:52 2015 us=491498 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:80 <..> Wed Oct 21 20:50:52 2015 us=491642 Socket Buffers: R=[87380->87380] S=[16384->16384] Wed Oct 21 20:50:52 2015 us=491712 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:80 [nonblock] Wed Oct 21 20:51:02 2015 us=513757 TCP: connect to [AF_INET]xx.xx.xx.xx:80 failed: Connection timed out Wed Oct 21 20:51:02 2015 us=514777 SIGUSR1[connection failed(soft),init_instance] received, process restarting Wed Oct 21 20:51:02 2015 us=514906 Restart pause, 5 second(s) Wed Oct 21 20:51:07 2015 us=527643 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts <..> Wed Oct 21 20:51:07 2015 us=530081 Control Channel MTU parms [ L:1602 D:1140 EF:110 EB:0 ET:0 EL:3 ] Wed Oct 21 20:51:07 2015 us=530175 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:80 Wed Oct 21 20:51:07 2015 us=537939 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:80 Wed Oct 21 20:51:07 2015 us=538095 Socket Buffers: R=[87380->87380] S=[16384->16384] Wed Oct 21 20:51:07 2015 us=538172 UDP link local: (not bound) Wed Oct 21 20:51:07 2015 us=538240 UDP link remote: [AF_INET]xx.xx.xx.xx:80 Wed Oct 21 20:51:07 2015 us=538468 write UDP: Broken pipe (code=32) Wed Oct 21 20:51:07 2015 us=538868 read UDP: Transport endpoint is not connected (code=107) Wed Oct 21 20:51:07 2015 us=538974 read UDP: Transport endpoint is not connected (code=107) Wed Oct 21 20:51:07 2015 us=539071 read UDP: Transport endpoint is not connected (code=107) <18mb of WTF> Wed Oct 21 20:51:45 2015 us=36828 read UDP: Transport endpoint is not connected (code=107) Wed Oct 21 20:51:45 2015 us=36914 read UDP: Transport endpoint is not connected (code=107) Wed Oct 21 20:51:45 2015 us=44090 read UDP: Transport endpoint is not connected (code=107) Wed Oct 21 20:51:45 2015 us=44306 read UD Wed Oct 21 20:51:45 2015 us=360253 read UDP: Transport endpoint is not connected (code=107) Wed Oct 21 20:51:45 2015 us=378884 TCP/UDP: Closing socket Wed Oct 21 20:51:45 2015 us=379209 SIGTERM[hard,] received, process exiting Burn it Link ! ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
