Bug #14590
closed
OpenVPN server crashes when client closes connection
Description
I have an OpenVPN server running on interface WAN2 which has a single OpenVPN client connecting to it.
The OpenVPN server crashes with error "pid 52477 (openvpn), jid 0, uid 0: exited on signal 8 (core dumped)"
when the client closes the OpenVPN connection.
The closing of the vpn client is done with this command:
pkill -SIGTERM -f 'openvpn gateway-udp-XYZ.ovpn'
The same configuration worked without issue on pfSense 2.6.0.
Version of the OpenVPN client is:
OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no
Client OpenVPN config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote xyz.demo.de 6789 udp
verify-x509-name "OpenVPN_Server_XYZ" name
pkcs12 gateway-udp-XYZ.p12
tls-auth gateway-udp-XYZ-tls.key 1
ns-cert-type server
fragment 1300
mssfix
persist-tun
persist-key
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
daemon
keepalive 30 240
OpenVPN server config:
dev ovpns2
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
learn-address "/usr/local/sbin/openvpn.learn-address.sh xyz.local.lan"
local 192.168.179.2
tls-server
server 192.168.194.0 255.255.255.248
client-config-dir /var/etc/openvpn/server2/csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'OpenVPN_Server_XYZ' 1"
lport 6789
management /var/etc/openvpn/server2/sock unix
push "route 192.168.124.0 255.255.255.0"
push "route 192.168.76.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
push "dhcp-option DOMAIN xyz.local.lan"
remote-cert-tls client
capath /var/etc/openvpn/server2/ca
cert /var/etc/openvpn/server2/cert
key /var/etc/openvpn/server2/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression asym
persist-remote-ip
float
topology subnet
fragment 1300
mssfix
persist-tun
persist-key
tls-version-min 1.2
keepalive 30 240
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
Updated by Jim Pingle almost 2 years ago
- Status changed from New to Rejected
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum.
If an actionable bug can be identified, then this can be reopened (or a new issue created) with more accurate details.
See Reporting Issues with pfSense Software for more information.
Updated by me me almost 2 years ago
> This site is not for support or diagnostic discussion.
I did not ask for support.
> If an actionable bug can be identified, then this can be reopened (or a new issue created) with more accurate details.
When a reproducible crash of the OpenVPN server process - it happens every time the OpenVPN client connection stops - is not a bug I don't know what you would call a bug.
I provided all the configuration details I thought you would need. If these are not accurate enough for you then let me know what you need and I will provide it.
Updated by Jim Pingle almost 2 years ago
me me wrote in #note-2:
> > This site is not for support or diagnostic discussion.
> I did not ask for support.
"This crashes for me" is not a bug report. You have some detail, but not nearly enough as nobody else can reproduce this but you.
> > If an actionable bug can be identified, then this can be reopened (or a new issue created) with more accurate details.
> When a reproducible crash of the OpenVPN server process - it happens every time the OpenVPN client connection stops - is not a bug I don't know what you would call a bug.
> I provided all the configuration details I thought you would need. If these are not accurate enough for you then let me know what you need and I will provide it.
It's only reproducible for you in your environment/hardware, not for anyone else. That doesn't make it a bug, it could be something specific to your config/environment/hardware/etc. There is a fair amount more work involved on your end to isolate things since so far nobody else can crash it but you.