Package: openvpn
Version: 2.4.7-1
Severity: important
Tags: patch upstream
X-Debbugs-Cc: paul.v...@dg-i.net
Hi,
I recently upgraded an OpenVPN server that is mostly used for VPN over
TCP. The VPN server ran very unstably after the upgrade.
Also the kernel at the exact same times had the following lines:
# TCP: request_sock_TCP: Possible SYN flooding on port 1194. Dropping request. Check SNMP counters.
I dug around a little bit and found that this seems to be a known
problem of openvpn below 2.4.8 on machines running kernels newer than
4.3.
This very same issue is described in [1]. The fix for this seems to be
[2].
Please consider whether this change could be brought into a Debian 10 stable
update (e.g. 10.6), or at least provide a backport version in Debian
buster backports.
Thanks,
Martin
[1]: https://community.openvpn.net/openvpn/ticket/1208
[2]: https://community.openvpn.net/openvpn/changeset/ec0ca68f4ed1e6aa6f08f470b18e0198b7e5a4da/
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.74
ii iproute2 5.8.0-1
ii libc6 2.31-3
ii liblz4-1 1.9.2-2
ii liblzo2-2 2.10-2
ii libpam0g 1.3.1-5
ii libpkcs11-helper1 1.26-1+b1
ii libssl1.1 1.1.1g-1
ii libsystemd0 246.2-1
ii lsb-base 11.1.0
Versions of packages openvpn recommends:
ii easy-rsa 3.0.6-1
Versions of packages openvpn suggests:
ii openssl 1.1.1g-1
pn openvpn-systemd-resolved
pn resolvconf
-- debconf information excluded
--
Martin Zobel-Helas Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B