I'm facing a situation in which a client can't connect to the server
because an old connection of his is still apparent. So it is still listed
in its status file and the server still tries to send packets to him.
When trying to reconnect, the client does not get prompted for a password.
Is there a way to forcefully kill and remove this session from the
server without restarting it?
I appended logs and version information as files to reduce the clutter.
--
Jordan Borgner
Thu Apr 8 15:09:20 2021 TCP/UDP: Preserving recently used remote address:
[AF_INET]address
Thu Apr 8 15:09:20 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Apr 8 15:09:20 2021 UDP link local (bound): [AF_INET][undef]:1194
Thu Apr 8 15:09:20 2021 UDP link remote: [AF_INET]address
Thu Apr 8 15:09:20 2021 TLS: Initial packet from [AF_INET]address,
sid=8da5727f bb975d83
Thu Apr 8 15:09:20 2021 VERIFY OK: depth=1, CN=FRA-0
Thu Apr 8 15:09:20 2021 VERIFY KU OK
Thu Apr 8 15:09:20 2021 Validating certificate extended key usage
Thu Apr 8 15:09:20 2021 ++ Certificate has EKU (str) TLS Web Server
Authentication, expects TLS Web Server Authentication
Thu Apr 8 15:09:20 2021 VERIFY EKU OK
Thu Apr 8 15:09:20 2021 VERIFY OK: depth=0, CN=FRA-0
Thu Apr 8 15:10:20 2021 TLS Error: TLS key negotiation failed to occur within
60 seconds (check your network connectivity)
Thu Apr 8 15:10:20 2021 TLS Error: TLS handshake failed
Thu Apr 8 15:10:20 2021 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr 8 15:10:20 2021 Restart pause, 5 second(s)
Thu Apr 8 15:10:30 2021 TCP/UDP: Preserving recently used remote address:
[AF_INET6]address
Thu Apr 8 15:10:30 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Apr 8 15:10:30 2021 setsockopt(IPV6_V6ONLY=0)
Thu Apr 8 15:10:30 2021 UDP link local (bound): [AF_INET6][undef]:1194
Thu Apr 8 15:10:30 2021 UDP link remote: [AF_INET6]address
^CThu Apr 8 15:10:43 2021 event_wait : Interrupted system call (code=4)
Thu Apr 8 15:10:43 2021 SIGINT[hard,] received, process exiting
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
[MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sa...@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no
enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes
enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown
enable_dlopen_self=unknown enable_dlopen_self_static=unknown
enable_fast_install=needless enable_fragment=yes enable_iproute2=yes
enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no
enable_management=yes enable_multihome=yes enable_pam_dlopen=no
enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes
enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes
enable_selinux=no enable_server=yes enable_shared=yes
enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no
enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes
enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes
with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes
with_mem_check=no with_sysroot=no
# omitted
Thu Apr 8 15:21:34 2021 us=285857 hostname/ipv6-address write UDPv6: Network
is unreachable (code=101)
Thu Apr 8 15:21:45 2021 us=22250 hostname/ipv6-address write UDPv6: Network is
unreachable (code=101)
Thu Apr 8 15:21:56 2021 us=80391 hostname/ipv6-address write UDPv6: Network is
unreachable (code=101)
# attempt to establish new connection
Thu Apr 8 15:22:01 2021 us=682677 hostname/ipv6-address TLS: new session
incoming connection from [AF_INET6]ipv6-address:1194
Thu Apr 8 15:22:01 2021 us=682758 hostname/ipv6-address write UDPv6: Network
is unreachable (code=101)
# omitted
Thu Apr 8 15:22:55 2021 us=80923 hostname/ipv6-address write UDPv6: Network is
unreachable (code=101)
Thu Apr 8 15:23:02 2021 us=14877 hostname/ipv6-address TLS Error: TLS key
negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 8 15:23:02 2021 us=14926 hostname/ipv6-address TLS Error: TLS
handshake failed
Thu Apr 8 15:23:06 2021 us=37702 hostname/ipv6-address write UDPv6: Network is
unreachable (code=101)
# omitted
OpenVPN 2.4.10 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)]
[LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 9 2020
library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sa...@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no
enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes
enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown
enable_dlopen_self=unknown enable_dlopen_self_static=unknown
enable_fast_install=yes enable_fragment=yes enable_iproute2=yes
enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes
enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes
enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes
enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_server=yes
enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no
enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes
enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes
with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes
with_mem_check=no with_sysroot=no
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users