Hello all,
I'm working with OpenVPN-NL, which uses the mbed TLS 2.9.0 library. We've discovered that when a client disconnects and reconnects (e.g. client is killed and restarted), the client will send a PUSH_REQUEST to the server, but the server will never answer. This was reported as https://community.openvpn.net/openvpn/ticket/880 by krzee in 2017. The user krzee also reported that the issue disappeared when he switched out mbed-TLS for OpenSSL. This is not an option for OpenVPN-NL, which uses mbed-TLS in all its releases.
Analysis seems to indicate that the TLS server ignores new PUSH_REQUESTS for connections it already considers to be active, which causes the OpenVPN(-NL) server to never send a reply, which in turn causes the OpenVPN(-NL) client to disconnect after 12 attempts (and retry after a few seconds).
Does anyone have any idea what might cause this issue? It appears to have been a change in the code somewhere between when the library was still called PolarSSL (since it works for OpenVPN-NL 2.3.9) and 2017 (since it was first reported then).
Kind regards,
Pieter Hulshoff