Hi,
On 25/05/2026 13:32, Piotr Dobrogost wrote:
On Wed, May 13, 2026 at 1:20 PM Piotr Dobrogost <[email protected]> wrote:
Hi,
After I upgraded from OpenVPN 2.6 to OpenVPN 2.7 (as a part of the
upgrade from Fedora 43 to Fedora 44), the OpenVPN tunnel that had been
working without problems for months stopped working. The log of
OpenVPN looks normal, with the "Initialization Sequence Completed"
entry that always signals an established tunnel. However, no data gets
through; there is no response when pinging the tunnel’s remote
endpoint or remote DNS server.
After I disabled DCO on the client side (--disable-dco), the tunnel
started to work.
My question is: how could I find out that the culprit is DCO in the first place?
Server I'm connecting with is OpenVPN 2.4.0
This looks like https://github.com/OpenVPN/openvpn/issues/422
Ah finally some info about the server :-)
Is the error in the log added in
https://github.com/lstipakov/openvpn/commit/fa4083692fefb9c94ff9366cdabe56fa52c62b72
server side?
I think the check should technically happen on both sides.
I guess it is, as it's not present in my logs.
If this error were logged on the client side, the situation would be
clear, and the reason the tunnel does not work would be obvious.
Btw, when you were checking this on Fedora 44 on your side, you must
have used at least version 2.4.5 of the server, and that's why it was
working for you.
To confirm this theory, just look at your traffic in wireshark.
The dissector will immediately tell you if packets are DATA_V1 or DATA_v2.
Although, if this is really your issue, I am not sure why it worked
before when using DCO.
You said before the upgrade your openvpn+dco client was working fine.
wasn't it?
Regards,
--
Antonio Quartulli
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
