ocserv dropping connections on ARM Debian platform
Description of problem:
When I run an ARM Debian box as my SSL VPN gateway, it always drops the connection precisely after the time set in the "auth-timeout" field of ocserv.conf. To keep it working, I have to set auth-timeout to 86400s, but I don't know whether that has side effects.
I have set the log level to 2, and the log says "set_non_block: Function not implemented".
Version of ocserv used:
1.1.2 from Debian repository (bullseye).
1.1.6 compiled by myself.
Client used:
OpenConnect v7.08 and OpenConnect v8.10-2+b1.
Distributor of ocserv
Debian
How reproducible:
- Pick an ARM-based SBC, install a Debian or Armbian system.
- apt install ocserv, or build it yourself with dpkg-buildpackage; use the default settings.
- After 240s (default auth-timeout setting in Debian), the server will drop the connection.
Actual results:
journalctl -u ocserv:
Nov 19 23:25:12 dialin systemd[1]: Started OpenConnect SSL VPN server.
Nov 19 23:25:12 dialin ocserv[25649]: note: skipping 'pid-file' config option
Nov 19 23:25:12 dialin ocserv[25649]: Parsing plain auth method subconfig using legacy format
Nov 19 23:25:12 dialin ocserv[25649]: note: vhost:default: setting 'plain' as primary authentication method
Nov 19 23:25:12 dialin ocserv[25649]: error connecting to sec-mod socket '/run/ocserv-socket.46b01943': No such file or directory
Nov 19 23:25:12 dialin ocserv[25649]: note: setting 'file' as supplemental config option
Nov 19 23:25:12 dialin ocserv[25649]: listening (TCP) on 0.0.0.0:443...
Nov 19 23:25:12 dialin ocserv[25649]: listening (TCP) on [::]:443...
Nov 19 23:25:12 dialin ocserv[25649]: listening (UDP) on 0.0.0.0:443...
Nov 19 23:25:12 dialin ocserv[25649]: listening (UDP) on [::]:443...
Nov 19 23:25:12 dialin ocserv[25649]: ocserv[25649]: main: Starting 1 instances of ocserv-sm
Nov 19 23:25:12 dialin ocserv[25649]: main: Starting 1 instances of ocserv-sm
Nov 19 23:25:12 dialin ocserv[25649]: ocserv[25649]: main: initialized ocserv 1.1.6
Nov 19 23:25:12 dialin ocserv[25649]: main: initialized ocserv 1.1.6
Nov 19 23:25:12 dialin ocserv[25650]: ocserv[25650]: sec-mod: reading supplemental config from files
Nov 19 23:25:12 dialin ocserv[25650]: sec-mod: reading supplemental config from files
Nov 19 23:25:12 dialin ocserv[25650]: ocserv[25650]: sec-mod: sec-mod initialized (socket: /var/lib/ocserv//run/ocserv-socket.46b01943.0)
Nov 19 23:25:12 dialin ocserv[25650]: sec-mod: sec-mod initialized (socket: /var/lib/ocserv//run/ocserv-socket.46b01943.0)
Nov 19 23:25:29 dialin ocserv[25653]: note: skipping 'pid-file' config option
Nov 19 23:25:29 dialin ocserv[25653]: Parsing plain auth method subconfig using legacy format
Nov 19 23:25:29 dialin ocserv[25653]: note: vhost:default: setting 'plain' as primary authentication method
Nov 19 23:25:29 dialin ocserv[25653]: note: setting 'file' as supplemental config option
Nov 19 23:25:30 dialin ocserv[25650]: ocserv[25650]: sec-mod: sec-mod instance 0 issue cookie
Nov 19 23:25:30 dialin ocserv[25650]: ocserv[25650]: sec-mod: using 'plain' authentication to authenticate user (session: rGjSQN)
Nov 19 23:25:30 dialin ocserv[25650]: sec-mod: sec-mod instance 0 issue cookie
Nov 19 23:25:30 dialin ocserv[25650]: sec-mod: using 'plain' authentication to authenticate user (session: rGjSQN)
Nov 19 23:25:30 dialin ocserv[25650]: ocserv[25650]: sec-mod: initiating session for user 'guest' (session: rGjSQN)
Nov 19 23:25:30 dialin ocserv[25650]: sec-mod: initiating session for user 'guest' (session: rGjSQN)
Nov 19 23:25:30 dialin ocserv[25649]: ocserv[25649]: main[guest]:<some address>:65239 new user session
Nov 19 23:25:30 dialin ocserv[25649]: main[guest]:<some address>:65239 new user session
Nov 19 23:25:30 dialin ocserv[25649]: ocserv[25649]: main[guest]:<some address>:65239 user logged in
Nov 19 23:25:30 dialin ocserv[25649]: main[guest]:<some address>:65239 user logged in
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> suggesting DPD of 60 secs
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> configured link MTU is 1500
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> peer's link MTU is 1406
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> sending IPv4 <some vpn address>
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> sending IPv6 fd00:4441:7a9f:6cd3:a9fb:25fa:1e7a:140f/128
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> IPv6 routes/DNS disabled because the agent is not known.
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> adding DNS 114.114.114.114
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> adding DNS 119.29.29.29
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: set_non_block: Function not implemented
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> X-DTLS-App-ID: 6865df7f9bc554f51fc81adbebf7e3388b9a4927d1ad9e41a0c3da00e3165baf
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> DTLS ciphersuite: PSK-NEGOTIATE
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> Link MTU is 1406 bytes
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> suggesting DPD of 60 secs
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> selected DTLS compression method lzs
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> selected CSTP compression method lzs
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> configured link MTU is 1500
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> peer's link MTU is 1406
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: set_non_block: Function not implemented
Nov 19 23:25:30 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> setting up DTLS-PSK connection
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> sending IPv4 <some vpn address>
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> sending IPv6 fd00:4441:7a9f:6cd3:a9fb:25fa:1e7a:140f/128
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> IPv6 routes/DNS disabled because the agent is not known.
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> adding DNS 114.114.114.114
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> adding DNS 119.29.29.29
Nov 19 23:25:30 dialin ocserv[25653]: set_non_block: Function not implemented
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> X-DTLS-App-ID: 6865df7f9bc554f51fc81adbebf7e3388b9a4927d1ad9e41a0c3da00e3165baf
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> DTLS ciphersuite: PSK-NEGOTIATE
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> Link MTU is 1406 bytes
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> selected DTLS compression method lzs
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> selected CSTP compression method lzs
Nov 19 23:25:30 dialin ocserv[25653]: set_non_block: Function not implemented
Nov 19 23:25:30 dialin ocserv[25653]: worker[guest]: <some address> setting up DTLS-PSK connection
Nov 19 23:25:33 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> warning: Discarded message[3] due to invalid decryption
Nov 19 23:25:33 dialin ocserv[25653]: worker[guest]: <some address> warning: Discarded message[3] due to invalid decryption
Nov 19 23:25:33 dialin ocserv[25653]: ocserv[25653]: worker[guest]: <some address> warning: Discarded message[4] due to invalid decryption
Nov 19 23:25:33 dialin ocserv[25653]: worker[guest]: <some address> warning: Discarded message[4] due to invalid decryption
neofetch:
root@dialin:~# neofetch
root@dialin
---------------
OS: Debian GNU/Linux 11 (bullseye) armv7l
Host: Xunlei OneCloud
Kernel: 6.0.8-meson
Uptime: 1 hour, 14 mins
Packages: 477 (dpkg)
Shell: bash 5.1.4
Terminal: /dev/pts/3
CPU: Amlogic Meson platform (4) @ 1.536GHz
Memory: 168MiB / 990MiB
root@dialin:~#
Expected results:
The server doesn't drop connections, and maybe "set_non_block: Function not implemented" is not shown in the log.
Edited by 万致远
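
The logged text "Function not implemented" is the C library's message for ENOSYS. The following is an added diagnostic, not ocserv's code and not part of the original report: it checks whether setting O_NONBLOCK with fcntl() works in an ordinary process on the same box. That set_non_block uses fcntl() is an assumption, and the names try_set_non_block and check_non_block are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed equivalent of a "set_non_block" helper (hypothetical name):
 * read the file status flags and add O_NONBLOCK.
 * Returns 0 on success, otherwise the errno of the failing fcntl(). */
static int try_set_non_block(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags == -1)
        return errno;
    if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
        return errno;
    return 0;
}

/* Runs the check on a stream and a datagram socket (the log shows both
 * TCP and UDP listeners). Returns 0 if both succeed, else the first errno. */
int check_non_block(void)
{
    static const int types[] = { SOCK_STREAM, SOCK_DGRAM };
    int result = 0;

    for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
        int sv[2];
        if (socketpair(AF_UNIX, types[i], 0, sv) == -1)
            return errno;
        int err = try_set_non_block(sv[0]);
        /* Confirm the flag is really set, not just that the call returned 0. */
        if (err == 0 && !(fcntl(sv[0], F_GETFL, 0) & O_NONBLOCK))
            err = EINVAL;
        close(sv[0]);
        close(sv[1]);
        if (err != 0 && result == 0)
            result = err;
    }
    return result;
}

int main(void)
{
    int err = check_non_block();
    if (err == 0)
        puts("O_NONBLOCK set successfully in a plain process");
    else
        printf("failed: %s%s\n", strerror(err),
               err == ENOSYS ? " (same error as in the ocserv log)" : "");
    return err != 0;
}
```

If this succeeds as a normal user or root on the affected box, the kernel and libc handle the call, and the ENOSYS seen in the log points at something specific to the environment of the ocserv worker process.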