[heroes] vpn restarted, then didn't come up?
Sep 20 13:55:59 io64 openvpn[6610]: Re-using SSL/TLS context Sep 20 13:55:59 io64 openvpn[6610]: LZO compression initialized Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link local: [undef] Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link remote: 195.135.221.151:1194 Sep 20 13:56:00 io64 openvpn[6610]: [scar.opensuse.org] Peer Connection Initiated with 195.135.221.151:1194 Sep 20 13:56:01 io64 openvpn[6610]: AUTH: Received AUTH_FAILED control message Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: SIGTERM[soft,auth-failure] received, process exiting The two lines of "ERROR: Linux route delete command failed" made me curious. I'll see what a restart does now. -- Per Jessen, Zürich (8.6°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Per Jessen wrote:
Sep 20 13:55:59 io64 openvpn[6610]: Re-using SSL/TLS context Sep 20 13:55:59 io64 openvpn[6610]: LZO compression initialized Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link local: [undef] Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link remote: 195.135.221.151:1194 Sep 20 13:56:00 io64 openvpn[6610]: [scar.opensuse.org] Peer Connection Initiated with 195.135.221.151:1194 Sep 20 13:56:01 io64 openvpn[6610]: AUTH: Received AUTH_FAILED control message Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: SIGTERM[soft,auth-failure] received, process exiting
The two lines of "ERROR: Linux route delete command failed" made me curious. I'll see what a restart does now.
No problem, it worked. Weird. -- Per Jessen, Zürich (8.4°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Hi On Thu, 21 Sep 2017 08:33:12 +0200 Per Jessen wrote:
Sep 20 13:55:59 io64 openvpn[6610]: Re-using SSL/TLS context Sep 20 13:55:59 io64 openvpn[6610]: LZO compression initialized Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link local: [undef] Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link remote: 195.135.221.151:1194 Sep 20 13:56:00 io64 openvpn[6610]: [scar.opensuse.org] Peer Connection Initiated with 195.135.221.151:1194 Sep 20 13:56:01 io64 openvpn[6610]: AUTH: Received AUTH_FAILED control message Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: SIGTERM[soft,auth-failure] received, process exiting
The AUTH_FAILED line looks more interesting to me. I rebooted the freeipa server Thu, Sep 21, 07:10 - so a missing LDAP server seems not to be the problem. But this might happen in the future... Regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Hello, Am Donnerstag, 21. September 2017, 11:58:22 CEST schrieb Lars Vogdt:
On Thu, 21 Sep 2017 08:33:12 +0200 Per Jessen wrote:
Sep 20 13:56:01 io64 openvpn[6610]: AUTH: Received AUTH_FAILED control message
7 Sep 20 13:56:01 io64 openvpn[6610]: SIGTERM[soft,auth-failure] received, process exiting
The AUTH_FAILED line looks more interesting to me. I rebooted the freeipa server Thu, Sep 21, 07:10 - so a missing LDAP server seems not to be the problem. But this might happen in the future...
AFAIK it was a problem with a too restrictive firewall rule on the FreeIPA machine, and the timestamp also matches. I told Theo that ssh logins to all VMs with the FreeIPA username + ssh key didn't work, and he "fixed" that yesterday. However, he accidently only allowed /32 instead of /24, with the result that scar (aka gate.o.o) wasn't able to verify VPN logins anymore. After another bugreport from me (on IRC), he fixed that yesterday evening. On the positive side, ssh logins using the FreeIPA username and ssh key now work, and sudo based on FreeIPA groups also works :-) (tested on riesling and water) Regards, Christian Boltz -- <cboltz> I wonder if I should add "sponsored by Aspirin" ;-) <jjohansen> you could have a nice little side business if Asprin was sponsoring all the bugs you find [from #apparmor] -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Christian Boltz wrote:
<cboltz> I wonder if I should add "sponsored by Aspirin" ;-) <jjohansen> you could have a nice little side business if Asprin was sponsoring all the bugs you find [from #apparmor]
Christian, you've got the best sigs I've read for a while! Nice picking. -- Per Jessen, Zürich (11.1°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
participants (3)
-
Christian Boltz -
Lars Vogdt -
Per Jessen