8332 questions

9799 answers

15587 comments

13964 members

0 votes
41 views 0 comments
by

Under certain circumstances (especially with instable mobile connections) we are experiencing OpenVPN crash loops on RUT955 (Firmware versions 6.x) like

Fri Jul 23 07:43:13 2021 daemon.notice openvpn(client_digiv3)[3122]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Fri Jul 23 07:43:13 2021 daemon.notice openvpn(client_digiv3)[3122]: [server_tun1] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:XXXX
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: SENT CONTROL [server_tun1]: 'PUSH_REQUEST' (status=1)
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: AUTH: Received control message: AUTH_FAILED
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: TCP/UDP: Closing socket
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: SIGTERM[soft,auth-failure] received, process exiting
Fri Jul 23 07:43:14 2021 daemon.info procd: Instance openvpn::client_digiv3 s in a crash loop 6 crashes, 3 seconds since last crash

Most of the time the system log does not contain enough information as the old entries have already have been removed, and in many cases it is possible to remotely connect to the devices only after a reboot. But in some cases we have been able at least to confirm that the openvpn process is not running any more.

Even with a daily reboot this may lead to circumstances where one may never (or only on rare occurences) be able to connect to a device because of a previous openvpn "crash". I am aware of this (and several other topics), but in my understanding a service such as openvpn should always be restarted (if necessary with an appropriate delay), and as far as I understand procd this should be possible. If one does not want an infinite retry it is possible to configure this via the openvpn resolve retry parameter.

I am glad for any input if there is an alternative that ensures openvpn to run infinitly or to avoid crash loops respectively.

1 Answer

0 votes
by

Hello,

A new RUT955 firmware version RutOS 07.01.1 was recently released:

https://wiki.teltonika-networks.com/view/RUT955_Firmware_Downloads

Update your device and test your use case then.

Regards.