The original poster reported this fatal error: Assertion failed at lzo.c:165
Winfried Truemper wrote:
OpenVPN 2.1_rc7 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jul 6 2008
For the purpose of identifying the line causing the problem I'm going to assume this is an unpatched version of OpenVPN (or at least one that doesn't change what line 165 is from the vanilla 2.1_rc7 codebase.)
There is data corruption on the link over which OpenVPN operates. Is that the cause for the failed assertion? It exits from server mode then.
The "Assertion failed at lzo.c:165" message indicates a condition during the compression routine where the packet to compress is larger than the maximum allowable payload size for the connection. Normally this will never occur, but you said that you are operating over a possibly corrupted link. It's possible that the VPN peer is attempting to compress a packet that is malformed and happens to exceed this limit.Assuming I have read the source correctly, it seems to me that the packet could be dropped (probably with an associated error to the log) rather than using an ASSERT() call. This way malformed data from internal clients behind a VPN peer won't bring down the VPN.
-- Josh
signature.asc
Description: PGP signature
signature.asc
Description: OpenPGP digital signature
