[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Exiting from 'Management Interface' causes openvpn 2.0rc7 daemon to die


  • Subject: Re: [Openvpn-users] Exiting from 'Management Interface' causes openvpn 2.0rc7 daemon to die
  • From: Christian Røsnes <christian@xxxxxxxxx>
  • Date: Fri, 14 Jan 2005 13:39:57 +0100

On Friday 14 January 2005 04:45, James Yonan wrote:
>
> I don't think you're doing anything wrong, but I would be curious why the
> kernel thinks the address is already in use on the rebind attempt.
>
> There's definitely an argument to be made that OpenVPN should stay bound
> to the socket for the life of the daemon instance, rather than rebinding
> on client disconnect.
>

I've done some testing:

1) I've tried to bind to a higher port 31103, same problem when I exit.
The openvpn daemon dies when run as nobody.

2) I then proceeded to create a perl script which binds to 1103, and did:
# sudo -u nobody /data/perl/server.pl 1103
/data/perl/server.pl 7305: server started on port 1103 at 
                           Fri Jan 14 13:04:37 2005

This works fine: It manages to bind to port 1103 as user nobody.


3) I ran ktrace on the openvpn server, running the server as
user nobody and root, respectively. The openvpn systemcalls are:


Server run as 'nobody'
----------------------
ktrace from the server, as I exit from the management interface:
Openvpn daemon dies.

19664 openvpn  GIO   fd 1 wrote 48 bytes
       "Fri Jan 14 13:17:59 2005 MANAGEMENT: CMD 'exit'
       "
 19664 openvpn  RET   write 48/0x30
 19664 openvpn  CALL  gettimeofday(0x1ffff75b0,0)
 19664 openvpn  RET   gettimeofday 0
 19664 openvpn  CALL  gettimeofday(0x1ffff75f8,0)
 19664 openvpn  RET   gettimeofday 0
 19664 openvpn  CALL  write(0x1,0x1200e8000,0x39)
 19664 openvpn  GIO   fd 1 wrote 57 bytes
       "Fri Jan 14 13:17:59 2005 MANAGEMENT: Client disconnected
       "
 19664 openvpn  RET   write 57/0x39
 19664 openvpn  CALL  close(0x9)
 19664 openvpn  RET   close 0
 19664 openvpn  CALL  socket(0x2,0x1,0x6)
 19664 openvpn  RET   socket 4
 19664 openvpn  CALL  setsockopt(0x4,0xffff,0x4,0x1ffff7690,0x4)
 19664 openvpn  RET   setsockopt 0
 19664 openvpn  CALL  bind(0x4,0x1200e2884,0x10)
 19664 openvpn  RET   bind -1 errno 48 Address already in use
 19664 openvpn  CALL  sigprocmask(0x1,0xffffffffffffffff)
 19664 openvpn  RET   sigprocmask 0



Server run as 'root'
----------------------
ktrace from the server, as I exit from the management interface:
Openvpn daemon does not die.

 19682 openvpn  GIO   fd 1 wrote 48 bytes
       "Fri Jan 14 13:25:36 2005 MANAGEMENT: CMD 'exit'
       "
 19682 openvpn  RET   write 48/0x30
 19682 openvpn  CALL  gettimeofday(0x1ffff70f0,0)
 19682 openvpn  RET   gettimeofday 0
 19682 openvpn  CALL  gettimeofday(0x1ffff7138,0)
 19682 openvpn  RET   gettimeofday 0
 19682 openvpn  CALL  write(0x1,0x1200e8000,0x39)
 19682 openvpn  GIO   fd 1 wrote 57 bytes
       "Fri Jan 14 13:25:36 2005 MANAGEMENT: Client disconnected
       "
 19682 openvpn  RET   write 57/0x39
 19682 openvpn  CALL  close(0x9)
 19682 openvpn  RET   close 0
 19682 openvpn  CALL  socket(0x2,0x1,0x6)
 19682 openvpn  RET   socket 4
 19682 openvpn  CALL  setsockopt(0x4,0xffff,0x4,0x1ffff71d0,0x4)
 19682 openvpn  RET   setsockopt 0
 19682 openvpn  CALL  bind(0x4,0x1200e2884,0x10)
 19682 openvpn  RET   bind 0
 19682 openvpn  CALL  listen(0x4,0x1)
 19682 openvpn  RET   listen 0


Could it be that 'root' somehow "own" the filedescriptors (or similar) 
belonging to the socket ? So when nobody tries to re-bind, it fails.

Christian