OpenVPN 2.7 server with multi-socket config crashes on FreeBSD 14 when a TCP client connected and DCO is enabled #710

@mattock

Describe the bug

OpenVPN server crashes on FreeBSD 14 in multi-socket mode (multiple --local entries) if one of the sockets is TCP and an OpenVPN client tries to initiate a TCP connection.

To Reproduce

Clone the latest "master" branch. Compile as usual. Launch a multi-socket server (see the two "--local" entries below) with both UDP and TCP sockets:

./src/openvpn/openvpn --dev tun --topology subnet --max-clients 5 --persist-tun --verb 3 --duplicate-cn --ca sample/sample-keys/ca.crt  --dh sample/sample-keys/dh2048.pem  --cert sample/sample-keys/server.crt  --key sample/sample-keys/server.key  --tls-auth sample/sample-keys/ta.key  0 --server 10.29.43.0 255.255.255.0 --local 127.0.0.1 1197 tcp --local ::1 1197 udp --management 127.0.0.1 11197

Launch a UDP client. It will not crash the server:

./src/openvpn/openvpn --client --nobind --remote-cert-tls server --persist-tun --verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 --explicit-exit-notify 3 --script-security 2 --dev null --ifconfig-noexec --ca sample/sample-keys/ca.crt --cert sample/sample-keys/client.crt --key sample/sample-keys/client.key --tls-auth sample/sample-keys/ta.key 1 --remote ::1 1197 udp

Then launch a TCP client. This will crash the server:

./src/openvpn/openvpn --client --nobind --remote-cert-tls server --persist-tun --verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 --explicit-exit-notify 3 --script-security 2 --dev null --ifconfig-noexec --ca sample/sample-keys/ca.crt --cert sample/sample-keys/client.crt --key sample/sample-keys/client.key --tls-auth sample/sample-keys/ta.key 1 --remote 127.0.0.1 1197 tcp

Server's crash output looks like this:

2025-03-28 12:11:14 tcp4-server:127.0.0.1:11755 [Test-Client] Peer Connection Initiated with [AF_INET]127.0.0.1:11755
2025-03-28 12:11:14 Test-Client/tcp4-server:127.0.0.1:11755 MULTI_sva: pool returned IPv4=10.29.43.2, IPv6=(Not enabled)
2025-03-28 12:11:14 Test-Client/tcp4-server:127.0.0.1:11755 Failed to create new peer: Invalid argument (errno=22)
2025-03-28 12:11:14 Test-Client/tcp4-server:127.0.0.1:11755 Exiting due to fatal error
2025-03-28 12:11:14 Test-Client/tcp4-server:127.0.0.1:11755 Closing ovpn-dco interface
2025-03-28 12:11:14 Test-Client/tcp4-server:127.0.0.1:11755 /sbin/ifconfig tun0 10.29.43.1 -alias
2025-03-28 12:11:14 Test-Client/tcp4-server:127.0.0.1:11755 /sbin/ifconfig tun0 destroy

Expected behavior

I would expect the server not to crash on TCP client connection.

Version information (please complete the following information):

  • OS: FreeBSD 14.1-RELEASE-p5
  • OpenVPN version: Latest Git "master" version

Additional context

The solution according to cron2 is "disable DCO on FreeBSD if any of the listening sockets is TCP". Maybe also warn that DCO is disabled because of that.
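
A pre-flight check for the condition in this report, added here as an example (it is not part of the original issue and not OpenVPN code): it scans a server command line for a TCP `--local` listener that is not accompanied by `--disable-dco`, OpenVPN's existing option for turning DCO off. The function names are hypothetical, and it assumes the options are passed on the command line as in the reproduction above and that the host is FreeBSD.

```shell
#!/bin/sh
# Added example, not OpenVPN code: flag a server command line that has a TCP
# --local listener while DCO has not been turned off with --disable-dco.

# is_tcp_proto WORD: true for OpenVPN's TCP protocol keywords.
is_tcp_proto() {
    case "$1" in
        tcp|tcp4|tcp6|tcp-server|tcp4-server|tcp6-server) return 0 ;;
    esac
    return 1
}

# dco_tcp_risk ARGS...: returns 0 when the arguments match the crashing
# setup from the report, 1 otherwise.
dco_tcp_risk() {
    tcp_listener=0
    dco_disabled=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --disable-dco)
                dco_disabled=1
                shift
                ;;
            --local)
                shift
                # First word is the listen address; skip it so a host name
                # can never be mistaken for a protocol keyword.
                case "${1-}" in --*|"") ;; *) shift ;; esac
                # Remaining words up to the next option: [port] [protocol].
                while [ $# -gt 0 ]; do
                    case "$1" in --*) break ;; esac
                    if is_tcp_proto "$1"; then tcp_listener=1; fi
                    shift
                done
                ;;
            *)
                shift
                ;;
        esac
    done
    [ "$tcp_listener" -eq 1 ] && [ "$dco_disabled" -eq 0 ]
}
```

When the function returns 0 on a FreeBSD server, adding `--disable-dco` to the server options keeps DCO out of the picture until the automatic check suggested above is in place.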
