[ninux-dev] Problem with openvpn firmware nnxx Palermo

Claudio claud43 at gmail.com
Tue Feb 7 12:39:59 CET 2017


OK, I made the change on both routers (file /etc/openvpn). I caused a loss
of routes by rebooting them in a timed manner; the VPN connects once
internet connectivity and name resolution are available.

The logs:

Tue Feb  7 12:34:39 2017 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL
(OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 19 2017
Tue Feb  7 12:34:39 2017 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO
2.08
Tue Feb  7 12:34:39 2017 ******* WARNING *******: null cipher specified, no
encryption will be used
Tue Feb  7 12:34:39 2017 Socket Buffers: R=[163840->131072]
S=[163840->131072]
Tue Feb  7 12:34:39 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:34:39 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:34:44 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:34:49 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:34:54 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:34:59 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:35:04 2017 RESOLVE: Cannot resolve host address:
controller.basilicata.ninux.org: Name or service not known
Tue Feb  7 12:35:09 2017 UDPv4 link local: [undef]
Tue Feb  7 12:35:09 2017 UDPv4 link remote: [AF_INET]176.9.187.220:1194
Tue Feb  7 12:35:09 2017 TLS: Initial packet from [AF_INET]
176.9.187.220:1194, sid=6c23f967 177a48b1
Tue Feb  7 12:35:09 2017 WARNING: this configuration may cache passwords in
memory -- use the auth-nocache option to prevent this
Tue Feb  7 12:35:10 2017 VERIFY OK: depth=1, C=IT, ST=MT, L=Matera, O=Ninux
Basilicata, OU=MyOrganizationalUnit, CN=Ninux Basilicata CA, name=EasyRSA,
emailAddress=basilicata at ml.ninux.org
Tue Feb  7 12:35:10 2017 VERIFY OK: nsCertType=SERVER
Tue Feb  7 12:35:10 2017 VERIFY OK: depth=0, C=IT, ST=MT, L=Matera, O=Ninux
Basilicata, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=
basilicata at ml.ninux.org
Tue Feb  7 12:35:12 2017 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Tue Feb  7 12:35:12 2017 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Tue Feb  7 12:35:12 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Feb  7 12:35:12 2017 [server] Peer Connection Initiated with [AF_INET]
176.9.187.220:1194
Tue Feb  7 12:35:14 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb  7 12:35:14 2017 PUSH: Received control message:
'PUSH_REPLY,route-gateway 10.27.253.1,ping 5,ping-restart 60,ifconfig
10.27.253.16 255.255.255.0'
Tue Feb  7 12:35:14 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb  7 12:35:14 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb  7 12:35:14 2017 OPTIONS IMPORT: route-related options modified
Tue Feb  7 12:35:14 2017 TUN/TAP device vpnbas opened
Tue Feb  7 12:35:14 2017 TUN/TAP TX queue length set to 100
Tue Feb  7 12:35:14 2017 do_ifconfig, tt->ipv6=0,
tt->did_ifconfig_ipv6_setup=0
Tue Feb  7 12:35:14 2017 /sbin/ifconfig vpnbas 10.27.253.16 netmask
255.255.255.0 mtu 1500 broadcast 10.27.253.255
Tue Feb  7 12:35:14 2017 Initialization Sequence Completed
Tue Feb  7 12:36:20 2017 write UDPv4: Network is unreachable (code=128)
Tue Feb  7 12:36:25 2017 write UDPv4: Network is unreachable (code=128)


On 7 February 2017 at 12:29, Claudio <claud43 at gmail.com> wrote:

> That's what tests in production are for ;)
>
> OK, I'll try making the change you described right away
>
>
>
> On 7 February 2017 at 12:24, Nemesis <nemesis at ninux.org> wrote:
>
>> Great job Claudio, you found a bug in one of the openwisp2 components.
>>
>> What I told you is correct (anyone curious can look at
>> "connect-retry", "ping-restart" and "resolv_retry" at
>> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage): by default
>> openvpn periodically tries to re-establish the tunnel, but there is a bug
>> in the library that generates the configurations, which instead of generating:
>>
>> option resolv_retry 'infinite'
>>
>> generates:
>>
>> option resolv_retry '1'
>>
>> So instead of trying to resolve the hostname indefinitely, after just
>> 1 second of retrying it gives up and terminates the process.
>>
>> I opened an issue on github which I will try to work on as soon as
>> possible: https://github.com/openwisp/netjsonconfig/issues/60
>>
>> In the meantime, though, it would help me a lot if you could try
>> manually editing:
>>
>> /etc/config/openvpn
>>
>> correcting the line:
>>
>> option resolv_retry '1'
>>
>> to:
>>
>> option resolv_retry 'infinite'
>>
>> and running a new test.
>>
>> Nemesis
>>
>>
>>
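
Added example, not part of the thread or of openwisp/netjsonconfig: a POSIX shell check for the condition discussed above, run over a constructed sample in the format of /etc/config/openvpn. It flags any resolv_retry other than 'infinite' and, on the assumption that the log's "null cipher specified" warning comes from `option cipher 'none'`, that setting as well; the section names and the remote host are made up.

```shell
#!/bin/sh
# Added example (not from the thread): audit a UCI OpenVPN config for the two
# settings visible in the discussion and log above.

# Constructed sample in the format of /etc/config/openvpn; the section names
# and the remote are placeholders.
sample_config() {
    cat <<'EOF'
config openvpn 'vpnbas'
	option enabled '1'
	option remote 'vpn.example.org 1194'
	option resolv_retry '1'
	option cipher 'none'

config openvpn 'other'
	option resolv_retry 'infinite'
	option cipher 'AES-256-CBC'
EOF
}

# Read a UCI config on stdin and print one finding per line:
#   <section> <option> <value>
audit_openvpn_uci() {
    tr -d "\"'" | awk '
        $1 == "config" { section = ($3 != "" ? $3 : "(anonymous)"); next }
        $1 == "option" && $2 == "resolv_retry" && $3 != "infinite" {
            print section, "resolv_retry", $3   # finite value: name resolution is not retried forever
        }
        $1 == "option" && $2 == "cipher" && tolower($3) == "none" {
            print section, "cipher", $3         # data channel is not encrypted
        }'
}

# Read a UCI config on stdin and print it with every resolv_retry set to
# infinite, the manual correction proposed in the thread.
fix_resolv_retry() {
    sed -E "s/^([[:space:]]*option[[:space:]]+resolv_retry[[:space:]]+).*/\1'infinite'/"
}

sample_config | audit_openvpn_uci
```

On a router the same function reads the real file: `audit_openvpn_uci < /etc/config/openvpn`.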