Re: [Openvpn-users] blocking issue with management port
On 18/09/14 19:42, Gert Doering wrote: > Are you frequently connecting and disconnecting to the management port? Yes. As part of the server's "up" scripts, we call the management interface to grab some details not available via environment variables. So there was a fair amount of "echo status|nc 127.0.0.1 xxx" calls going on during this error condition with the clients > That seems to be racey, if clients and management client disconnect at > the same time - the management interface is really designed for > long-lasting connections to it, as in "start up openvpn, connect to > management interface, keep that around until openvpn ends". Doesn't > mean we shouldn't fix the races, but this is why stuff might fail if > used differently. gert Right. I'm certainly not using it as a long-term connection, all cut-n-run. I'll look to see if I can remove some of the calls, that should help -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] blocking issue with management port
Hi, On Thu, Sep 18, 2014 at 03:13:11PM +1200, Jason Haar wrote: > End result was with just 4 clients in that state, the management port on > the server became unusable. Some times you could connect - getting the > banner - but any command you sent would just hang and never return. > Other times it would connect - but you wouldn't get the banner, and > other times it couldn't even connect! Are you frequently connecting and disconnecting to the management port? That seems to be racey, if clients and management client disconnect at the same time - the management interface is really designed for long-lasting connections to it, as in "start up openvpn, connect to management interface, keep that around until openvpn ends". Doesn't mean we shouldn't fix the races, but this is why stuff might fail if used differently. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpiBeFsIgTA7.pgp Description: PGP signature -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
