  1. #21
    Untangle Junkie dmorris's Avatar

    Quote (originally posted by sky-knight):
        Yeah I know, my NFR hasn't gone to 14.1 yet

    I'm pretty sure upgrades should be available to everybody if not very close.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #22
    Untangle Ninja

    and now I'm getting this on a box that recently upgraded to 14.1, no one can connect by OpenVPN:
    Code:
    Fri Dec 07 20:35:44 2018 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
    Fri Dec 07 20:35:44 2018 Windows version 6.2 (Windows 8 or greater) 64bit
    Fri Dec 07 20:35:44 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
    Enter Management Password:
    Fri Dec 07 20:35:44 2018 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Fri Dec 07 20:35:44 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
    Fri Dec 07 20:35:44 2018 UDP link local: (not bound)
    Fri Dec 07 20:35:44 2018 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
    Fri Dec 07 20:35:45 2018 [server] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
    Fri Dec 07 20:35:46 2018 open_tun
    Fri Dec 07 20:35:46 2018 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{DE266DA5-7D68-4921-B426-6F375B61DD73}.tap
    Fri Dec 07 20:35:46 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.2.10/255.255.255.252 on interface {DE266DA5-7D68-4921-B426-6F375B61DD73} [DHCP-serv: 172.16.2.9, lease-time: 31536000]
    Fri Dec 07 20:35:46 2018 Successful ARP Flush on interface [27] {DE266DA5-7D68-4921-B426-6F375B61DD73}
    Fri Dec 07 20:35:46 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Fri Dec 07 20:35:51 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Fri Dec 07 20:35:51 2018 Initialization Sequence Completed
    Fri Dec 07 20:35:51 2018 Register_dns request sent to the service
    Fri Dec 07 20:35:56 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:06 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:16 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:26 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:35 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:45 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:46 2018 [server] Inactivity timeout (--ping-restart), restarting
    Fri Dec 07 20:36:46 2018 SIGUSR1[soft,ping-restart] received, process restarting
    ....repeat... no traffic ever passes

  3. #23
    Untangle Ninja sky-knight's Avatar

    This bit:


    Fri Dec 07 20:35:56 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:06 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:16 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:26 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:35 2018 Bad LZO decompression header byte: 251
    Fri Dec 07 20:36:45 2018 Bad LZO decompression header byte: 251

    Sounds very much like what my user was reporting this evening.

    After looking at /etc/openvpn/server.conf on my v14.0.1 box, and comparing it against a very similarly configured /etc/openvpn/server.conf on the unit that had trouble this evening, I've noticed the v14.1 box is missing the comp-lzo directive.

    Can anyone else confirm? If the clients are expecting compression and the server isn't providing it... that would explain much.
    Last edited by sky-knight; 12-07-2018 at 10:08 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #24
    Untangle Ninja

    14.1 is making a mess of OpenVPN

  5. #25
    Untangle Ninja sky-knight's Avatar

    Johnson, can you check your /etc/openvpn/server.conf and see if you still have the comp-lzo directive?

    I just found this: https://community.openvpn.net/openvpn/ticket/952

    It seems compress and comp-lzo are NOT compatible... and a mix would do this...

  6. #26
    Untangle Ninja

    can't seem to get into it... unblocked SSH from the internet, but when I log in as root it won't take my password - the very same password I'm using to access the admin web interface. I have no physical access to the box, not until Monday at best.

  7. #27
    Untangle Ninja sky-knight's Avatar

    That's a thing, just get into your web UI and change the password on the admin account, it'll fix the root login. You can change it to the very same password you have, you just have to "change it" to anything and it'll fix it.

    Alternately, you might try changing the comp-lzo directive in your .ovpn file on your client to compress on your client.

  8. #28
    Untangle Ninja

    yes, I see the issue, compress vs. comp-lzo as you say.

    my client config file has "comp-lzo", but on the server's OpenVPN Advanced page it lists "compress". However, on another 14.1 site to which I can still connect, it's got "comp-lzo" on both ends.

    How did this change?

    to fix it, I clicked the Exclude checkbox on "compress" and then added a custom option "comp-lzo". Now I can connect, and presumably the customer will be able to connect too.
    Last edited by johnsonx42; 12-07-2018 at 10:28 PM.

  9. #29
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,187

    Default

    this must be the bug that's breaking OpenVPN on 14.1 - something is causing "comp-lzo" to be replaced with "compress" on some upgrades; then the server is using "compress" but the existing clients are all using "comp-lzo"

    yet it doesn't happen to all, I can't figure any difference between the site I have where 14.1 still has "comp-lzo" and the one where it changed
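
The server/client comparison done by hand in the posts above can be scripted. This is an added example, not part of the original thread or Untangle's code: the function names and the three sample configs are constructed, and the check is deliberately conservative (any difference in the compression directive is flagged for review, and options pushed by the server are not considered).

```python
import re

# Directives that select the compression framing in an OpenVPN config.
COMP_DIRECTIVES = ("comp-lzo", "compress")

def compression_setting(config_text):
    """Return (directive, argument) of the last active compression line, or None."""
    found = None
    for raw in config_text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] in COMP_DIRECTIVES:
            found = (parts[0], parts[1] if len(parts) > 1 else "")
    return found

def describe(setting):
    return "no compression directive" if setting is None else " ".join(setting).strip()

def compare(server_text, client_text):
    """Return (ok, message); ok is False when the two ends differ."""
    server = compression_setting(server_text)
    client = compression_setting(client_text)
    if server == client:
        return True, "match: both ends use '%s'" % describe(server)
    return False, "MISMATCH: server '%s' vs client '%s'" % (
        describe(server), describe(client))

# Constructed sample configs (not taken from any real appliance).
SERVER_OLD = "port 1194\nproto udp\ndev tun\ncomp-lzo\n"
SERVER_UPGRADED = "port 1194\nproto udp\ndev tun\n;comp-lzo\ncompress\n"
CLIENT = "client\nremote 192.0.2.10 1194\nns-cert-type server\ncomp-lzo\n"

if __name__ == "__main__":
    for name, server in (("old", SERVER_OLD), ("upgraded", SERVER_UPGRADED)):
        ok, message = compare(server, CLIENT)
        print("%-9s %s" % (name, message))
```

Run it against the real `/etc/openvpn/server.conf` and a distributed client `.ovpn` by reading both files and passing their contents to `compare()`.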

  10. #30
    Untangle Junkie dmorris's Avatar

    Quote (originally posted by sky-knight):
        After looking at /etc/openvpn/server.conf on my v14.0.1 box, and comparing it against a very similarly configured /etc/openvpn/server.conf on the unit that had trouble this evening, I've noticed the v14.1 box is missing the comp-lzo directive.

    Correct, you reinstalled OpenVPN on the latter box - so you'll have "new" options. Including removing "comp-lzo" and adding of "compress"
    Last edited by dmorris; 12-07-2018 at 10:41 PM.
