Re: [Openvpn-devel] Client reconnect issues

2019-05-21 Thread Gert Doering
Hi, On Tue, May 21, 2019 at 09:18:32AM +0200, Pieter Hulshoff wrote: > Who would be the best person to approach regarding this issue? It was > originally reported 2 years ago ( > https://community.openvpn.net/openvpn/ticket/880), but perhaps wasn't > properly identified as a bug at that time. Steff

Re: [Openvpn-devel] Client reconnect issues

2019-05-21 Thread Pieter Hulshoff
Hello all, On Fri, 26 Apr 2019 at 19:56, Gert Doering wrote: > On Fri, Apr 26, 2019 at 04:55:36PM +0200, Pieter Hulshoff wrote: > > As you can see, the message is never actually decrypted after the > > reconnect, and as such the server will never receive it. > > So that's most certainly a bug, b

Re: [Openvpn-devel] Client reconnect issues

2019-04-28 Thread Pieter Hulshoff
Hello Gert, On Fri, 26 Apr 2019 at 19:56, Gert Doering wrote: > On Fri, Apr 26, 2019 at 04:55:36PM +0200, Pieter Hulshoff wrote: > > As you can see, the message is never actually decrypted after the > > reconnect, and as such the server will never receive it. > > So that's most certainly a bug,

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Gert Doering
Hi, On Fri, Apr 26, 2019 at 04:55:36PM +0200, Pieter Hulshoff wrote: > As you can see, the message is never actually decrypted after the > reconnect, and as such the server will never receive it. So that's most certainly a bug, but not related to the suppression of PUSH_REPLY messages - but "some

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Gert Doering
Hi, On Fri, Apr 26, 2019 at 03:46:53PM +0200, Antonio Quartulli wrote: > Therefore if you are shutting down a client and restarting it within > this short timeframe, it is expected that you won't get any PUSH_REPLY. Restarting the client (as in "full program termination and restart") should cause

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Pieter Hulshoff
Antonio & Jan Just, Looking at the logs, there are some notable differences. I assumed for the moment that the TLS calls are logged before the received message, since the message first needs to be decoded (and the client reports a 13 byte plaintext with 42 byte ciphertext). --

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Pieter Hulshoff
Antonio & Jan Just, I actually have verbose level 8 log files of the issue. :) If you look at a normal connection (the initial one), a PUSH_REQUEST is logged in the server as PUSH: Received control message: 'PUSH_REQUEST' After the reconnect however, I see the PUSH_REQUESTs being sent out by the

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Pieter Hulshoff
Hello Antonio, On Fri, 26 Apr 2019 at 15:47, Antonio Quartulli wrote: > This said, OpenVPN has a protection that prevents a server from replying to a > PUSH_REQUEST from the same client more than once within 30 seconds. > > Therefore if you are shutting down a client and restarting it within > this s

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Jan Just Keijser
Hi Antonio, On 26/04/19 16:02, Antonio Quartulli wrote: Hi, On 26/04/2019 15:57, Jan Just Keijser wrote: I'd look into the way session tickets are configured and used in mbedtls, e.g. read up on https://tls.mbed.org/discussions/generic/what-is-the-correct-way-to-use-session-tickets For OpenS

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Antonio Quartulli
Hi, On 26/04/2019 15:57, Jan Just Keijser wrote: > I'd look into the way session tickets are configured and used in > mbedtls, e.g. read up on > https://tls.mbed.org/discussions/generic/what-is-the-correct-way-to-use-session-tickets > > > For OpenSSL, OpenVPN uses SSL_OP_NO_TICKET, i.e. no sessi

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Jan Just Keijser
Hi Pieter, On 26/04/19 15:32, Pieter Hulshoff wrote: Gert, On Fri, 19 Apr 2019 at 13:38, Pieter Hulshoff wrote: I've been looking at https://community.openvpn.net/openvpn/ticket/880 for a while now, and was wondering if there'd been any a

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Antonio Quartulli
Hi, On 26/04/2019 15:32, Pieter Hulshoff wrote: >> Any thoughts on this matter? Is it true that this only happens with >> mbedtls, and as such should this issue be taken up with that community >> instead of this one? Any idea on why the server would refuse a PUSH request >> for an already existin

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Pieter Hulshoff
Gert, On Fri, 19 Apr 2019 at 13:38, Pieter Hulshoff <pieter.hulsh...@technolution.nl> wrote: > I've been looking at https://community.openvpn.net/openvpn/ticket/880 for > a while now, and was wondering if there'd been any answers to this problem > yet. It appears that mbedtls (according to krzee

[Openvpn-devel] Client reconnect issues

2019-04-19 Thread Pieter Hulshoff
Hello all, I've been looking at https://community.openvpn.net/openvpn/ticket/880 for a while now, and was wondering if there'd been any answers to this problem yet. It appears that mbedtls (according to krzee the problem disappeared when using OpenSSL, but since I use OpenVPN-NL that's not an opti