[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: Fwd: [Openvpn-devel] Fwd: Bug#158404: openvpn: Improper error handling


  • Subject: Re: Fwd: [Openvpn-devel] Fwd: Bug#158404: openvpn: Improper error handling
  • From: Richard A Nelson <cowboy@xxxxxxxxxxxx>
  • Date: Tue, 27 Aug 2002 13:45:08 -0400 (EDT)

On Tue, 27 Aug 2002, James Yonan wrote:

> Hello Richard,

Hi, thanks for the quick feedback

> Normally we shouldn't get EAGAIN in the UDP read loop because we block on select and don't call recvfrom until there is a datagram waiting for us.  So the fact that you are getting a lot of EAGAIN messages is interesting and probably indicative of some kind of problem.  Is there any correlation between the EAGAIN floods and some sort of real world factor such as a bad or congested network condition?

Its hard to reproduce, but congestion is definitely a possiblity

> If EAGAIN is received from recvfrom (or any other error for that matter), it is syslogged and the select event loop continues.  So your potential solutions 1 and 2 below are already being done.  Solution 3 doesn't work because OpenVPN is too asynchronous to be able to block on a single i/o call.  That's why we use select instead.

I thought that #3 might be out of the question, and I'm glad to know
that the IO is indeed retried

> Also, floods of non-fatal error returns from recvfrom are generally logged for informational purposes, but can be controlled by the --mute option so as not to clog up the log files.

I'll keep that in mind, but for now I think I'll keep the verbosity to
help in tracking

> You also mention that sometimes the session drops.  What do you mean?  Does OpenVPN crash or exit?  Does it try to renegotiate?  Does the tunnel die for a while and then come back?  What kind of encryption mode are you running in (Static Key, TLS, or cleartext)?

The tunnel seems to survive, but any open telnet/ssh/etc. session over
it timeout and die.

For now, I'm using a static key, but would like to move to certificates.

> Since I don't know how to reproduce this, I'll need more details.

It happens here every other day or so, I'll be glad to provide any
information I can.

-- 
Rick Nelson
I can saw a woman in two, but you won't want to look in the box when I do
'For My Next Trick I'll Need a Volunteer' -- Warren Zevon