On 2020-04-19 at 18:57, The Wanderer wrote: > On 2020-04-19 at 15:04, The Wanderer wrote: >> I've got it running now (using the command from my innermost >> non-routing-script script, verbatim except for omitting >> --passwd-on-stdin and recombining it back onto one line, with that >> redirection modification added). I'll go grocery shopping pretty >> soon, and close the session and report results before the end of >> the night. The every-30-seconds ping keepalive to a machine across >> the VPN is running alongside it. >> >> This is with 8.05, by the way - the version from the most recent >> set of logs, which so far has not seen the connection drop like >> this. I can run a similar check (most likely overnight tonight) >> with 8.08, if desired. > > The result of this, from about 3.3 hours' worth, is attached - again > trimmed to head (ending a reasonable distance after the tunnel > starts normal operation) and tail (starting a reasonable distance > before the rekey, ending with EOF), compressed, and obfuscated > probably more than is necessary. > > If you need me to do the 8.08 equivalent, please let me know as soon > as reasonably practical. Here's the 8.08 equivalent, just for reference and just in case. > I've discovered one reason to keep using a wrapper script for > calling openconnect. When I exited with Ctrl+C (which as I understand > matters should be producing SIGINT), which in the past has apparently > killed the wrapper script and led openconnect to exit cleanly, this > time it apparently terminated openconnect where it sat - with the > result that my original /etc/resolv.conf, adjusted by the > Debian-shipped vpnc routing script, was left in its tunnel-up state. > > I was able to reconstruct that file to a functional state (and, > honestly, probably verbatim except for the comments) from memory, Mysteriously (but positively), after the clean exit of the 8.08 session that produced the attached log, /etc/resolv.conf was back to what appears to be its exact original state - without even the comments I'd added in the meantime. I'm guessing it(s contents) had been backed up somewhere by 8.05, and 8.08 saw that and restored it somehow? Or else it got regenerated from the local DHCP server, which is more sophisticated than I'd have expected for this environment. > and as far as I can see nothing else seems to have been left > un-cleaned-up (aside from a couple of useless but should-be-harmless > routes) - but that was an unexpected behavior, the more so given that > I don't find any special mention of how to safely exit by searching > the openconnect man page for 'exit|quit|close'. > > Is this behavior expected? If so, what's the safe way to exit and > shut things down, from a direct invocation like this? Since sending that, I've wondered whether the fact that I'm piping to tee (and so tee might be what's receiving the signal?) may be affecting this. That would seem like illogical behavior which (if present) should have been visible in a lot of other programs before this, but I can't currently rule it out at a glance. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
vpn-3hours-disconnect-fullmanualinvocation-headtail-obfuscated.log.7z
Description: application/7z-compressed
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
