OpenVPN process stops ldap_parse assertion
Posted: Mon Oct 10, 2011 4:08 pm
Hi,
We have two servers running OpenVPN on Debian using LDAP authentication. The two servers are set up for redundancy. About once a day or every other day the OpenVPN process stops running and the following message shows up in the log:
Code: Select all
openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed.
We have seen it happen at the same time and then at different times on both servers. This of course kills the openvpn connection and prevents anyone from connecting. I have to go in and restart the process and the server accepts connections once again. Anyone seen this before? Or know of any issues related to this?
Please, please let me know if you need more information. I think I got what you typically ask for below:
Thanks!
uname -a
Code: Select all
Linux vpn1 2.6.32-5-amd64 #1 SMP Fri Sep 9 20:23:16 UTC 2011 x86_64 GNU/Linux
openvpn --version
Code: Select all
OpenVPN 2.2.0 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 16 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
$ ./configure --enable-pthread --enable-password-save --host=x86_64-linux-gnu --build=x86_64-linux-gnu --prefix=/usr --mandir=${prefix}/share/man --with-ifconfig-path=/sbin/ifconfig --with-route-path=/sbin/route CFLAGS=-g -O2 build_alias=x86_64-linux-gnu host_alias=x86_64-linux-gnu LDFLAGS= CPPFLAGS= --no-create --no-recursion
Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PF_INET6 USE_PKCS11 USE_SSL
Server.conf
Code: Select all
port 1194
proto udp
dev tap0
ca vpn2_ca.crt
cert vpn1.crt
key vpn1.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.0.0.1 255.128.0.0 10.109.4.5 10.109.4.127
push "route 10.128.0.0 255.128.0.0"
push "dhcp-option DNS 10.0.0.1"
duplicate-cn
keepalive 10 20
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
mute 20
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
log-append openvpn.log
client.conf
Code: Select all
client
dev tap
proto udp
remote <VPN1 IP> 1194
remote <VPN2 IP> 1194
remote-random
resolv-retry 5
server-poll-timeout 5
nobind
persist-key
ca /etc/openvpn/vpn_ca.crt
comp-lzo
verb 3
auth-user-pass
float