group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #31059
[Bug 1834514] Re: client service crashes when pulled options change
Hi,
this was adressed by upstream in [1]
and by adopted by Debian/Ubuntu in version 2.4.4-1
* Further changes to debian/openvpn@.service copied from upstream
- Enable Restart=on-failure
- Use KillMode=process
which in releases means Bionic and later is already fixed in regard to your request to consider restarting it automatically.
For Xenial IMHO the SRU [2] policy forbids this change as it could
change behavior in an unexpected way without the users noticing.
Fortunately users - like you - which conciously want this change to be
active on xenial can just add the lines via `systemctl edit <service>`
RestartSec=5s
Restart=on-failure
[1]: https://github.com/OpenVPN/openvpn/commit/a4686e99b047081f0ef6f7945450183088464aa5
[2]: https://wiki.ubuntu.com/StableReleaseUpdates
** Also affects: openvpn (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: openvpn (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: openvpn (Ubuntu Xenial)
Status: New => Won't Fix
** Changed in: openvpn (Ubuntu Bionic)
Status: New => Triaged
** Changed in: openvpn (Ubuntu Bionic)
Status: Triaged => Fix Released
** Changed in: openvpn (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1834514
Title:
client service crashes when pulled options change
Status in openvpn package in Ubuntu:
Fix Released
Status in openvpn source package in Xenial:
Won't Fix
Status in openvpn source package in Bionic:
Fix Released
Bug description:
package version: 2.3.10-1ubuntu2.1
Crash logs:
Jun 27 10:51:28 ubuntu-xenial ovpn-client[1182]: Preserving previous TUN/TAP instance: tun0
Jun 27 10:51:28 ubuntu-xenial ovpn-client[1182]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jun 27 10:51:28 ubuntu-xenial ovpn-client[1182]: Closing TUN/TAP interface
Jun 27 10:51:28 ubuntu-xenial ovpn-client[1182]: /sbin/ip addr del dev tun0 local 10.66.0.32 peer 10.66.0.1
Jun 27 10:51:28 ubuntu-xenial ovpn-client[1182]: Linux ip addr del failed: external program exited with error status: 2
Jun 27 10:51:29 ubuntu-xenial ovpn-client[1182]: ROUTE_GATEWAY 10.20.0.1/255.255.240.0 IFACE=enp0s8 HWADDR=08:00:27:b0:b7:a9
Jun 27 10:51:29 ubuntu-xenial ovpn-client[1182]: ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Jun 27 10:51:29 ubuntu-xenial ovpn-client[1182]: Exiting due to fatal error
Jun 27 10:51:29 ubuntu-xenial systemd[1]: openvpn@client.service: Main process exited, code=exited, status=1/FAILURE
Jun 27 10:51:29 ubuntu-xenial systemd[1]: openvpn@client.service: Unit entered failed state.
Jun 27 10:51:29 ubuntu-xenial systemd[1]: openvpn@client.service: Failed with result 'exit-code'.
When the client reconnects after a disconnect and the pulled options
change in a way that the client requires an interface reset, it
crashes, because it doesn't have the privileges anymore. Privileges
are dropped by openvpn after startup for security reason as far as i
understood.
This google search shows that this is a common problem of openvpn:
https://www.google.com/search?ei=1uIUXeXTM8_N6ATK_p6gCw&q=openvpn+Pulled+options+changed+on+restart%2C+will+need+to+close+and+reopen+TUN%2FTAP+device&oq=openvpn+Pulled+options+changed+on+restart%2C+will+need+to+close+and+reopen+TUN%2FTAP+device
I'm aware that my specific problem might be fixed by bugfixes like
this: https://community.openvpn.net/openvpn/ticket/649
But as long as the possibility exists that a change in the pulled
options require an interface reset, the service WILL crash and never
restart without manual user interaction.
This could be fixed by adding "Restart=on-failure" to the openvpn-
client@.service for example.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1834514/+subscriptions
