Restarting ocserv doesn't clean up all workers

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Oct 7 06:49:37 PDT 2014


On Tue, Oct 7, 2014 at 3:02 PM, Niels Peen <niels at peen.ch> wrote:
> After 20+ hours, there seem to be no negative effects.
>
> I did notice something else, possibly related. A worker that's not shut
> down after the DPD timeout has long passed:

Thanks for testing.

> Oct  7 17:43:15 yocimuvu ocserv[5087]: sec-mod: received request from pid 3079 and uid 65534
> Oct  7 18:51:01 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (199 secs, DPD is 90)
> Oct  7 18:55:06 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (181 secs, DPD is 90)

There is certainly a typo there :)

> Oct  7 20:49:21 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (248 secs, DPD is 90)

ocserv will allow 3 DPD attempts, meaning that with DPD = 90 secs it
would take 270 seconds to close the UDP port. Note also that a UDP DPD
failure will result in the UDP port being disabled rather than the
connection being torn down. Only if the TCP (main channel) DPD fails
will the connection be closed and the worker terminated.

regards,
Nikos
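
An added example (not part of the original message and not ocserv code): a small Python triage of the warning lines quoted above, comparing each worker's reported UDP idle time with the 3 x DPD window described in the reply. The function name `summarize_udp_dpd` and the last sample line (pid 4001, host `examplehost`) are constructed for illustration.

```python
import re
from collections import defaultdict

DPD_ATTEMPTS = 3  # per the reply above: ocserv allows 3 DPD attempts

# Sample input: the three worker lines quoted in the thread, plus one
# CONSTRUCTED line (pid 4001) whose idle time exceeds 3 x DPD.
SAMPLE_LOG = """\
Oct  7 18:51:01 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (199 secs, DPD is 90)
Oct  7 18:55:06 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (181 secs, DPD is 90)
Oct  7 20:49:21 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (248 secs, DPD is 90)
Oct  7 21:00:00 examplehost ocserv[4001]: worker: XXXX:2000 worker-vpn.c:984: have not received UDP any message or DPD for long (301 secs, DPD is 90)
"""

# Matches only the UDP warning format shown in the thread.
WARN_RE = re.compile(
    r"ocserv\[(?P<pid>\d+)\]: worker: .*"
    r"have not received UDP any message or DPD for long "
    r"\((?P<idle>\d+) secs, DPD is (?P<dpd>\d+)\)"
)

def summarize_udp_dpd(log_text, attempts=DPD_ATTEMPTS):
    """Group UDP DPD warnings by worker pid and flag workers whose idle
    time went past attempts * DPD (270 s when DPD is 90)."""
    per_worker = defaultdict(list)
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            per_worker[int(m["pid"])].append((int(m["idle"]), int(m["dpd"])))
    summary = {}
    for pid, hits in per_worker.items():
        summary[pid] = {
            "warnings": len(hits),
            "max_idle": max(idle for idle, _ in hits),
            "window": max(dpd for _, dpd in hits) * attempts,
            # Assumption: "past the window" means idle > attempts * DPD.
            "past_window": any(idle > dpd * attempts for idle, dpd in hits),
        }
    return summary

if __name__ == "__main__":
    for pid, info in sorted(summarize_udp_dpd(SAMPLE_LOG).items()):
        print(pid, info)
```

Repeated warnings from one pid that stay under the window, as for worker 3079, match the behaviour described in the reply: the UDP channel is what times out, while the worker stays up as long as the TCP DPD succeeds.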



More information about the openconnect-devel mailing list