[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#767836: marked as done (openvpn: Openvpn server can't start after upgrade to kernel 3.2.63-2+deb7u1 (tun: Unknown symbol ipv6_proxy_select_ident))

Your message dated Mon, 03 Nov 2014 16:59:38 +0000
with message-id <1415033978.27313.33.camel@decadent.org.uk>
and subject line Re: Processed: Seems to come from the kernel upgrade
has caused the Debian Bug report #767836,
regarding openvpn: Openvpn server can't start after upgrade to kernel 3.2.63-2+deb7u1 (tun: Unknown symbol ipv6_proxy_select_ident)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
767836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767836
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openvpn
Version: 2.2.1-8+deb7u2
Severity: important

My openvpn server stopped working after a recent kernel opgrade from
linux-image-3.2.0-4-amd64_3.2.63-2_amd64.deb to
linux-image-3.2.0-4-amd64_3.2.63-2+deb7u1_amd64.deb . Downgrading
makes it work again.

Doing an /etc/init.d/openvpn start resulted in the following error on the command line:

===========================
t@do ~> sudo /etc/init.d/openvpn start
[sudo] password for thue:
[FAIL] Starting virtual private network daemon: server failed!
---------------------------

The following error was printed on the primary console (did not occur prior to the kernel upgrade):

=================================
tun: Unknown symbol ipv6_proxy_select_ident (err 0)
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated)  Use CAP_NET_ADMIN and alias netdev- instead
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated)  Use CAP_NET_ADMIN and alias netdev- instead
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated)  Use CAP_NET_ADMIN and alias netdev- instead
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated)  Use CAP_NET_ADMIN and alias netdev- instead
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated)  Use CAP_NET_ADMIN and alias netdev- instead
---------------------------------

And in /var/log/openvpn.log :

===========================
Sun Nov  2 22:19:51 2014 us=186982 Current Parameter Settings:
Sun Nov  2 22:19:51 2014 us=187097   config = '/etc/openvpn/server.conf'
Sun Nov  2 22:19:51 2014 us=187122   mode = 1
Sun Nov  2 22:19:51 2014 us=187139   persist_config = DISABLED
Sun Nov  2 22:19:51 2014 us=187156   persist_mode = 1
Sun Nov  2 22:19:51 2014 us=187172   show_ciphers = DISABLED
Sun Nov  2 22:19:51 2014 us=187188   show_digests = DISABLED
Sun Nov  2 22:19:51 2014 us=187203   show_engines = DISABLED
Sun Nov  2 22:19:51 2014 us=187218   genkey = DISABLED
Sun Nov  2 22:19:51 2014 us=187234   key_pass_file = '[UNDEF]'
Sun Nov  2 22:19:51 2014 us=187250   show_tls_ciphers = DISABLED
Sun Nov  2 22:19:51 2014 us=187267 Connection profiles [default]:
Sun Nov  2 22:19:51 2014 us=187285   proto = udp
Sun Nov  2 22:19:51 2014 us=187302   local = '[UNDEF]'
Sun Nov  2 22:19:51 2014 us=187317   local_port = 1194
Sun Nov  2 22:19:51 2014 us=187332   remote = '[UNDEF]'
Sun Nov  2 22:19:51 2014 us=187348   remote_port = 1194
Sun Nov  2 22:19:51 2014 us=187364   remote_float = DISABLED
Sun Nov  2 22:19:51 2014 us=187379   bind_defined = DISABLED
Sun Nov  2 22:19:51 2014 us=187395   bind_local = ENABLED
Sun Nov  2 22:19:51 2014 us=187410 NOTE: --mute triggered...
Sun Nov  2 22:19:51 2014 us=187451 261 variation(s) on previous 20 message(s) suppressed by --mute
Sun Nov  2 22:19:51 2014 us=187476 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 \
                                                                                                                                 (2.2RC2)] built on Jun 18 2013
Sun Nov  2 22:19:51 2014 us=187763 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov  2 22:19:51 2014 us=200928 Diffie-Hellman initialized with 2048 bit key
Sun Nov  2 22:19:51 2014 us=202565 Control Channel Authentication: using '/etc/openvpn/certs/ta.key' as a OpenVPN static key file
Sun Nov  2 22:19:51 2014 us=202616 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov  2 22:19:51 2014 us=202644 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov  2 22:19:51 2014 us=202680 TLS-Auth MTU parms [ L:1557 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Nov  2 22:19:51 2014 us=202739 Socket Buffers: R=[229376->131072] S=[229376->131072]
Sun Nov  2 22:19:51 2014 us=202998 ROUTE default_gateway=104.131.192.1
Sun Nov  2 22:19:51 2014 us=205818 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Sun Nov  2 22:19:51 2014 us=205862 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov  2 22:19:51 2014 us=205910 /sbin/ifconfig  192.168.88.1 pointopoint 192.168.88.2 mtu 1500
SIOCSIFADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFDSTADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFMTU: No such device
Sun Nov  2 22:19:51 2014 us=226574 Linux ifconfig failed: external program exited with error status: 1
Sun Nov  2 22:19:51 2014 us=226632 Exiting
---------------------------------

Downgrading the kernel to
linux-image-3.2.0-4-amd64_3.2.63-2_amd64.deb made it work again,
removes all error output, including the ipv6_proxy_select_ident
error.

The following is my /etc/openvpn/server.conf

=========================
port 1194
proto udp
dev tun

ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/do.thuejk.dk.crt
key /etc/openvpn/certs/do.thuejk.dk.key
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0

server 192.168.88.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

client-to-client
keepalive 1800 4000

cipher AES-256-CBC
#comp-lzo

max-clients 10

user nobody
group nogroup

persist-key
persist-tun

log /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 5
mute 20
=========================

Regards, Thue

-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  initscripts            2.88dsf-41+deb7u1
ii  libc6                  2.13-38+deb7u6
ii  liblzo2-2              2.06-1+deb7u1
ii  libpam0g               1.1.3-7.1
ii  libpkcs11-helper1      1.09-1
ii  libssl1.0.0            1.0.1e-2+deb7u13
ii  net-tools              1.60-24.2

openvpn recommends no packages.

Versions of packages openvpn suggests:
ii  openssl     1.0.1e-2+deb7u13
pn  resolvconf  <none>

-- debconf information:
  openvpn/create_tun: false

--- End Message ---
--- Begin Message --- 
You need to reboot after a kernel upgrade.

Ben.

-- 
Ben Hutchings
Power corrupts.  Absolute power is kind of neat.
                           - John Lehman, Secretary of the US Navy 1981-1987

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
Reply to: