Hi, A few thoughts, below.
Thanks! ... Russell -----Original Message----- From: gert [mailto:g...@delta2.greenie.net] Sent: Saturday, October 24, 2015 2:20 AM To: Morris, Russell <rmor...@rkmorris.us> Cc: Selva Nair <selva.n...@gmail.com>; openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] Creating a Windows team for OpenVPN? Hi, On 2015-10-23 22:22, Morris, Russell wrote: > Just a bit more on this. I initiated an OpenVPN connection – it > connects, says all is happy, except the output from the management > interface is, > > Ø STATE:1445605521,CONNECTED,ERROR,,10.138.15.10 I'd love to see the openvpn log on this. This message in itself is not enough to figure out what it did not like. [R. Morris] Yep, trying to capture this. Logs were being reset, will capture this and provide more details. > And the TAP IP is garbage (169.x.x.x). So I reset the TAP adapter > (disable), Well, 169.254.x.x is "I want to do DHCP, but nobody is talking to me" - so this is to be expected if OpenVPN is unhappy. [R. Morris] Agreed! Just letting you know the steps I see. > Ø FATAL:TUN/TAP I/O operation aborted, exiting > > OpenVPN exits when TAP is disabled (should it?). Well. Don't do this :-) - removing an active interface behind the back of a program talking to it is not a normal situation, and as such, OpenVPN does the only thing it can: terminate. There is no way to go on if basic assumptions ("I can talk to my tap adapter") are no longer valid. [R. Morris] Also agreed, but I'm not doing this on purpose ... :-). Seems to happen on standby / resume. Again, will try to duplicate with detailed logs. > So there are some stability related issues we may need to correct. There is a connection issue which needs to be solved, right. But I would not call it a "stability issue"... [R. Morris] NP, perhaps poor wording on my part. > In particular, if TAP is disabled, should OpenVPN exit? Yes, because recovering from that would basically mean "undo everything that has happened in the code so far and start from scratch" (since we have no idea why the TAP adapter suddenly is no longer working). So "exit, and let the caller restart us" is the sensible way to achieve that. [R. Morris] Makes sense. > Perhaps it > should. But also, after a connection the TAP adapter shouldn’t be > “hung”, right? Log :-) - since OpenVPN knows that there is an ERROR, all the details should be in the openvpn log. (Restarting openvpn itself without fiddling with the tap adapter will most likely have the same effect - "make it try again and then it works") [R. Morris] Yep, will try to capture more detailed logs. Thanks! gert
