On 2018-11-21 22:04:53, Marc West wrote:
> Hi,
>
> I'm running into an issue with ocserv-0.12.1 on OpenBSD 6.4
> (gnutls-3.5.19) where if there are 4 existing users connected,
> any new connection attempts fail with errors like the logs below.
>
> If one of the 4 existing users disconnects then the next connection
> attempt succeeds, but any connections above 4 simultaneous seem to
> always fail. max-clients is set to 50.
>
> Regarding the log lines about tun interfaces, tun0 through tun254 all
> exist even though less than 10 users have ever connected so far. The
> first 4 users create tun0-tun3 and they get destroyed upon disconnect
> as expected. When the 5th user attempts to connect, tun4-tun254 all
> get created at once and persist in the down state indefinitely.
>
> If I manually destroy the unused tun4-tun254 they all get recreated
> again upon the next login attempt (which fails with: main: tun.c:724:
> Can't open tun device: No such file or directory).
>
> To note, ifconfig shows tun0-tun254 as existing but under /dev only
> the active 4 exist:
>
> # ls /dev/tun*
> /dev/tun0 /dev/tun1 /dev/tun2 /dev/tun3 /dev/tuner0
> #
>
> I've left the current ocserv process running in case there is any
> additional info that should be gathered while running, otherwise I
> can restart with debug if needed.
>
> Thanks!
>
> ocserv log:
> Nov 20 18:31:24 server ocserv[82641]: main:ip.ip.ip.ip:57758 user disconnected (reason: unspecified, rx: 0, tx: 0)
> Nov 20 18:31:24 server ocserv[2082]: sec-mod: initiating session for user 'username' (session: n2oOOP)
> Nov 20 18:31:24 server ocserv[82641]: main[username]:ip.ip.ip.ip:57760 new user session
> Nov 20 18:31:24 server ocserv[82641]: main: tun.c:724: Can't open tun device: File exists
> Nov 20 18:31:24 server ocserv[82641]: main[username]:ip.ip.ip.ip:57760 failed authentication attempt for user 'username'
> Nov 20 18:31:24 server ocserv[35469]: worker: ip.ip.ip.ip failed cookie authentication attempt
> Nov 20 18:31:24 server ocserv[82641]: main[username]:ip.ip.ip.ip:57760 user disconnected (reason: unspecified, rx: 0, tx: 0)
> Nov 20 18:31:24 server ocserv[2082]: sec-mod: temporarily closing session for username (session: n2oOOP)
> Nov 20 18:31:24 server ocserv[82641]: main: tun.c:774: /dev/tun254: Error destroying interface: Invalid argument

For the list archives: the 4 connection limit was due to only tun0
through tun3 device nodes existing under /dev. On OpenBSD, these 4 are
created by default (see /dev/MAKEDEV) and the rest need to be explicitly
created on a newly installed system to allow more than 4 tun interfaces.

#!/bin/sh
# Create the /dev/tun4 .. /dev/tun254 device nodes.
i=4
cd /dev || exit 1
while [ "$i" -le 254 ]; do
	./MAKEDEV "tun$i"
	i=`expr $i + 1`
done
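
Added example, not part of the original post and not ocserv or OpenBSD code: a pre-flight check in sh that reads max-clients from an ocserv config file and reports which /dev/tunN nodes are missing. It assumes one tun device per client starting at tun0, as in the report above; the function names and the optional node_test argument are hypothetical.

```sh
#!/bin/sh
# Added example: compare ocserv's max-clients with the tun device nodes
# that actually exist. Assumption: one tunN per client, starting at tun0.

# Print the max-clients value from an ocserv config ("max-clients = 50").
read_max_clients() {
    sed -n 's/^[[:space:]]*max-clients[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print the index N of every tunN (0 <= N < count) that has no node in dev_dir.
# node_test is the test(1) operator to apply; the default -c requires a
# character device, -e accepts any file (useful against a scratch directory).
missing_tun_nodes() {
    dev_dir=$1 count=$2 node_test=${3:--c}
    i=0
    while [ "$i" -lt "$count" ]; do
        test "$node_test" "$dev_dir/tun$i" || echo "$i"
        i=$((i + 1))
    done
}

# Print a one-line summary. Returns 0 if all nodes exist, 1 if some are
# missing, 2 if max-clients could not be read from the config.
check_tun_nodes() {
    conf=$1 dev_dir=${2:-/dev} node_test=${3:--c}
    max=$(read_max_clients "$conf")
    [ -n "$max" ] || { echo "max-clients not set in $conf" >&2; return 2; }
    [ "$max" -gt 0 ] || { echo "max-clients is 0: no fixed device count to check"; return 0; }
    missing=$(missing_tun_nodes "$dev_dir" "$max" "$node_test")
    [ -z "$missing" ] && { echo "ok: tun0..tun$((max - 1)) present"; return 0; }
    set -- $missing    # one index per word; $# is the number missing
    echo "missing $# of $max nodes, first is tun$1"
    return 1
}

# Stand-alone use: sh script.sh CONFIG_FILE [DEV_DIR]
if [ $# -gt 0 ]; then
    check_tun_nodes "$@"
fi
```

With max-clients set to 50 and only the four default nodes present, the summary is "missing 46 of 50 nodes, first is tun4", which matches the point at which the fifth connection failed.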