Comments (9)
I'm experiencing exactly the same, this issue is breaking IPv6 support for my openvpn client as I can't control the ndp proxy anymore via an external script.
from duo_openvpn.
I've commented out line line 64 signal(SIGCHLD, SIG_IGN); and recompiled it as a temporary fix to keep it working. However, every time a openvpn client authenticates a zombie process is kept on the system. Anyone know a more permanent fix?
To cleanup the zombie processes without restarting openvpn, you can use gdb, first find the zombie PIDs.
pstree -p|grep -A2 openvpn
|-openvpn(20633)-+-python(20775)
| `-python(20988)
Output shows two authentication attempts were made as two zombie processes (PID 20775, 20988) have raised. Cleanup (periodically) by hooking gdb into openvpn. Note it will freeze all current openvpn connections while you are in the gdb prompt.
sudo gdb -p 20633
…
(gdb) call waitpid(20775, 0, 0)
$1 = 20775
(gdb) call waitpid(20988, 0, 0)
$2 = 20988
(gdb) quit
from duo_openvpn.
Hey, thanks for bringing this to our attention! It looks like you've gotten a pretty good grasp of the issue, and a workaround as well. I'll take a look at this when I get the opportunity. In the mean time, if you wanted to open up a PR with a suitable fix I'd welcome that as well :)
from duo_openvpn.
How does that work? The call to execve() should not return. If it ever hits the exit call after that it's because execve failed.
from duo_openvpn.
I've made a permanent fix in PR #10
The fix (482a033) uses the previously created fork() to execute the execvp. The parent process waits using waitpid() for the execvp to complete.
from duo_openvpn.
I don't think waitpid is the solution. It should be daemonized so PID 1 reaps it.
from duo_openvpn.
@Owling, can you please try PR #11 and see if that works for you? If you turn up your openvpn server's log verbage, you should see a difference between your patch and this one in what the server does between the initial auth call and when auth is granted.
To download the patched code, clone https://github.com/petiepooo/duo_openvpn, switch to the fix-SIG_IGN branch, and compile. Thanks!
from duo_openvpn.
I see it's merged. Thanks! Glad to help out.
from duo_openvpn.
Fixed in #11. Cheers!
from duo_openvpn.
Related Issues (17)
- Does not compile on FreeBSD 9.3 HOT 4
- Zombie Python processes for each Duo push HOT 3
- missing symbol on SmartOS 64 bit HOT 1
- 2FA broken on OpenVPN 2.4.1 (CentOS, Fedora, RHEL) HOT 5
- Connection timed out HOT 1
- Make fails HOT 1
- Certificate validation failure when using proxy HOT 1
- Unable to load duo_openvpn.so in OpenVpn server v. 2.4.6 HOT 6
- python3 support HOT 7
- Add support for outbound HTTPS proxies HOT 3
- FreeBSD port created! HOT 2
- Duo plugin loads/runs even if previous plugin fails HOT 4
- Allow Duo script directory to be defined separately from Duo script name HOT 1
- mox3 is not supported under python3.11
- Does not work out of the box for OpenBSD
- Add MSVC build compatibility HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from duo_openvpn.