FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
198 views 1 comments
by anonymous

Under certain circumstances (especially with instable mobile connections) we are experiencing OpenVPN crash loops on RUT955 (Firmware versions 6.x) like

Fri Jul 23 07:43:13 2021 daemon.notice openvpn(client_digiv3)[3122]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Fri Jul 23 07:43:13 2021 daemon.notice openvpn(client_digiv3)[3122]: [server_tun1] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:XXXX
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: SENT CONTROL [server_tun1]: 'PUSH_REQUEST' (status=1)
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: AUTH: Received control message: AUTH_FAILED
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: TCP/UDP: Closing socket
Fri Jul 23 07:43:14 2021 daemon.notice openvpn(client_digiv3)[3122]: SIGTERM[soft,auth-failure] received, process exiting
Fri Jul 23 07:43:14 2021 daemon.info procd: Instance openvpn::client_digiv3 s in a crash loop 6 crashes, 3 seconds since last crash

Most of the time the system log does not contain enough information as the old entries have already have been removed, and in many cases it is possible to remotely connect to the devices only after a reboot. But in some cases we have been able at least to confirm that the openvpn process is not running any more.

Even with a daily reboot this may lead to circumstances where one may never (or only on rare occurences) be able to connect to a device because of a previous openvpn "crash". I am aware of this (and several other topics), but in my understanding a service such as openvpn should always be restarted (if necessary with an appropriate delay), and as far as I understand procd this should be possible. If one does not want an infinite retry it is possible to configure this via the openvpn resolve retry parameter.

I am glad for any input if there is an alternative that ensures openvpn to run infinitly or to avoid crash loops respectively.

1 Answer

0 votes
by anonymous

Hello,

A new RUT955 firmware version RutOS 07.01.1 was recently released:

https://wiki.teltonika-networks.com/view/RUT955_Firmware_Downloads

Update your device and test your use case then.

Regards.

by anonymous

Thanks for your reply (I know, I am a little late).

As we experienced a large disconnect issue this week due to these crash loops I wanted to provide some feedback on this:

Most of our routers in the field are running with the 6.x firmware and these will probably never be upgraded to 7.x. Nonetheless we have a couple of 7.x routers in the field as well (not sure about the detailed versions), and these experienced the same issue.

One possible solution is adding the extra option auth-retry nointeract which will prevent that OpenVPN exits under these circumstances.

Best regards