
Re: [Openvpn-users] Connect scripts failing with variables (glibc detected double free or corruption)


  • Subject: Re: [Openvpn-users] Connect scripts failing with variables (glibc detected double free or corruption)
  • From: "John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 31 Dec 2005 17:25:03 -0500

I found it and my apologies.  Someone had loaded conflicting versions of
iptables on the server.  That conflict was causing the seg faults - John

On Fri, 2005-12-30 at 03:45 -0500, John A. Sullivan III wrote:
> I'm pulling my hair out after hours of beating my head against the wall.
> We are trying to use a client-connect script.  The script is simple:
> 
> #!/bin/sh
> IF_TYPE=tun+
> PEER_ADDR=$ifconfig_pool_remote_ip
> PEER_ID=$tls_id_0
> PEER_CA=$tls_id_1
> PEPDIR=/etc/openvpn
> . $PEPDIR/DNRead A
> exit 0
> 
> DNRead is a more complex script that sets dynamic iptables rules based
> upon the user's X.509 DER_ASN.1_DN.  The script works perfectly fine
> from a shell.  However, whenever openvpn tries to run it (I am running
> openvpn as root for now), I get:
> 
> Fri Dec 30 03:39:45 2005 24.xx.xx.xx:34127 [TOVPNUser] Peer Connection
> Initiated with 24.xx.xx.xx:34127
> *** glibc detected *** double free or corruption (!prev): 0x080544e0 ***
> /etc/openvpn/DNRead: line 53:  2444 Aborted                 $IPT -I
> VPN_ALLOW 1 -s "$PEER_ADDR" -j RETURN
> *** glibc detected *** double free or corruption (!prev): 0x08054048 ***
> /etc/openvpn/DNRead: line 173:  2445 Aborted                 $IPT -$1
> ACCESS_GROUPS -s "$PEER_ADDR" -i $IF_TYPE -j "${group[1]}"
> Fri Dec 30 03:39:45 2005 TOVPNUser/24.xx.xx.xx:34127 MULTI: Learn:
> 172.26.201.4 -> TOVPNUser/24.xx.xx.xx:34127
> 
> It's almost as if it is not expanding the variables.  Here is a
> pertinent excerpt from DNRead -- for testing, I even manually set the
> variables:
> 
> PEER_ID=/C=US/O=Atlas/OU=Eng/CN=TOVPNUser
> PEER_ADDR=172.26.201.4
> PEER_CA=/C=US/O=Atlas/OU=PKI/CN=AtlasTestCA
> IF_TYPE=tun+
> PEPDIR=/etc/openvpn
> echo "Action=$1 ID=$PEER_ID IP=$PEER_ADDR CA=$PEER_CA IF=$IF_TYPE IPT=
> $(which iptables)" >> /var/openvpn/learn.log
> 
> if [[ "$1" != [AD] ]] # make sure we've passed the needed parameters from X509updown
> then
>         echo "Needed action parameter not passed to iptables - aborting connection!!!!!"
>         exit 13
> fi
> DelimitedID="$PEER_ID/"  # We need to add a / on the end or the match test for the last field will not work
> IPT=$(which iptables)
> 
> case $1 in
>         "A" )
>                 $IPT -I VPN_ALLOW 1 -s "$PEER_ADDR" -j RETURN
>                 ;;
>         "D" )
>                 $IPT -D VPN_ALLOW -s "$PEER_ADDR" -j RETURN
>                 ;;
>         * )
>                 echo "Needed action parameter not passed to iptables - aborting connection!!!!!"
>                 exit 13
>                 ;;
> esac
> 
> What in the world is going on! Thanks - John
> 
> PS - openvpn-2.1 beta7 on Fedora Core 3 in a Xen domU
> 
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com
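
Added example, not part of the original thread or of DNRead: one way to check for the condition the reply names as the cause, more than one iptables build reachable on the PATH that `$(which iptables)` searches. The function names are made up for illustration, and candidates are compared by content checksum only; shared libraries are not inspected.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from DNRead or OpenVPN.

# list_candidates NAME PATHSTRING
# Print every executable file called NAME in the colon-separated PATHSTRING,
# in lookup order. Runs in a subshell so IFS and 'set -f' do not leak.
list_candidates() (
    name=$1
    set -f
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # empty PATH entry means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
)

# distinct_count NAME PATHSTRING
# Number of different binaries (by content checksum) among the candidates;
# symlinks to, or copies of, the same file count once.
distinct_count() {
    list_candidates "$1" "$2" |
        while IFS= read -r f; do cksum < "$f"; done |
        sort -u | wc -l | tr -d ' '
}

# single_binary NAME PATHSTRING
# Succeeds when at most one distinct binary is reachable.
single_binary() {
    [ "$(distinct_count "$1" "$2")" -le 1 ]
}

# Check the PATH this process inherited. Run from inside the client-connect
# hook, this shows what OpenVPN's environment resolves, not the login shell's.
if ! single_binary iptables "$PATH"; then
    echo "more than one iptables build on PATH:" >&2
    list_candidates iptables "$PATH" >&2
fi
```

Once the right binary is known, setting `IPT` to its absolute path in the script removes the dependence on whichever PATH the hook inherits.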

