Hi. This morning, I tried to upgrade my 2 OpenVPN servers from 2.2.2 to 2.3.6. With the clients down, I started the 2.3.6 OpenVPN server. The server started fine. I then tried to start the clients, which were already running 2.3.6. The clients would hang and seemed unable to connect to the server. On the server, I kept seeing:

    Wed Jun 3 10:22:37 2015 us=509679 brayden/130.63.97.125:44636 RESOLVE: Cannot resolve host address: netmask: Name or service not known
    Wed Jun 3 10:22:37 2015 us=509778 brayden/130.63.97.125:44636 MULTI: Learn: 172.16.37.125 -> brayden/130.63.97.125:44636
    Wed Jun 3 10:22:37 2015 us=509795 brayden/130.63.97.125:44636 MULTI: primary virtual IP for brayden/130.63.97.125:44636: 172.16.37.125

Running 2.2.2 on the server, the "RESOLVE:" error line did not exist. I tried to enable extra debugging on the server, but really, I couldn't see any errors other than the resolve error. Since I had a very short window where I could do the upgrade, I restored the OpenVPN servers back to 2.2.2. The clients were still running 2.3.6. Everything was fine.

In retrospect, I wish I had enabled logging on the client, and captured verbose logs. Maybe there were additional errors there.

I set up a test 2.3.6 server with the identical config, and a 2.3.6 client, and the 2.3.6 client connects to the test 2.3.6 server perfectly fine, even though the "RESOLVE" error is still generated in the log file. I wish I could understand why it failed this morning, but it works now.

That being said, I'd like to understand why the RESOLVE error is generated, and how to get rid of it before I try the upgrade to 2.3.6 again. The error seems to be complaining about both the host address, and the netmask, but it seems to resolve fine in the next line.

Here are a few more details.

server config:

    dev tun
    proto udp
    port 1194
    tmp-dir /tmp
    writepid /var/run/openvpn-server.pid
    crl-verify /xconf/openvpn/pki/crl.pem
    mode server
    tls-server
    ifconfig 172.16.32.26 172.16.32.1
    route 172.16.32.0 255.255.240.0
    push "route 172.16.0.0 255.255.240.0"
    client-connect /xsys/lib/openvpn-tools/connect
    keepalive 10 20
    user nobody
    group nobody
    persist-key
    persist-tun
    status /var/log/openvpn-status
    log-append /var/log/openvpn-server
    verb 4
    mute 20
    cipher none
    comp-lzo
    txqueuelen 1000
    daemon

client config:

    client
    dev tun
    proto udp
    remote copper.cs.yorku.ca
    remote nickel.cs.yorku.ca
    remote-random
    writepid /var/run/openvpn.pid
    nobind
    user nobody
    group nobody
    persist-key
    persist-tun
    persist-remote-ip
    ns-cert-type server
    verb 3
    mute 20
    cipher none
    comp-lzo
    daemon

connect script:

In short, it returns for a given host "peach":

    ifconfig-push peach-vpn2 copper-vpn2 netmask 255.255.240.0

(It's the same script I've been using since OpenVPN 2.0.9 days)

server startup:

    openvpn --ca /xconf/openvpn/pki/ca.crt \
            --dh /xconf/openvpn/pki/dh2048.pem \
            --cert /xconf/openvpn/pki/copper.server.crt \
            --key /etc/openvpn/copper.server.key \
            --config /xconf/openvpn/config/server.conf.coppy \
            --script-security 3 system

client startup:

    openvpn --ca /xconf/openvpn/pki/ca.crt \
            --cert /xconf/openvpn/pki/jun48.crt \
            --key /etc/openvpn/jun48.key \
            --config /xconf/openvpn/config/client.conf

In addition, on both the servers, /etc/resolv.conf is identical, pointing to our DNS. In addition, /etc/hosts contains all the hostnames as well.

Thanks for any help you can provide.

Jason.
