[eduVPN-deploy] [2020-11-30] Package Updates
François Kooman
fkooman at tuxed.net
Mon Nov 30 09:55:14 CET 2020
Hi all,
* vpn-lib-common: 2.2.3 [1]
* vpn-user-portal: 2.3.6 [2]
* vpn-server-api: 2.2.9 [3]
* vpn-server-node: 2.2.6 [4]
This release has an assortment of little fixes, among others supporting
again showing the QR code when users are forced to use 2FA. Some UI
updates to the admin parts of the portal, smaller font size for the
portal. You can see the linked CHANGES links for all the details.
Two fixes are worth explaining in more detail:
1. To issue IP addresses to VPN clients, we use OpenVPN's built-in IP
pool management. It turned out, OpenVPN does not issue *ALL* IPs
available in that pool. It never issues the "last" IP in the pool to
clients. When the load on the VPN server increases and an OpenVPN
process is "full" the last client would not get an IPv4 address, but
still be connected to the VPN server. This could result in no
connectivity (on IPv4) for that particular unlucky client. What should
have happened with this last client is that it should automatically
connect to the next available OpenVPN process listed in the
configuration. This is fixed now.
2. Due to a an obscure bug in OpenVPN, as far as I can tell, still
investigating in more detail, once a client is unable to connect over
UDP (process full, not available) it will continue to connect to the
next listed OpenVPN "remote" as listed in the client configuration.
Unfortunately, when the next remote would be a "TCP" process, it would
still "keep" the client's "keepalive" pings (enabled for UDP, disabled
for TCP) and try to use "keepalive" pings over TCP, but as the server
never responds to that, the client would disconnect after about 2
minutes of inactivity. This has been fixed now by enabling "keepalive"
also for TCP.
Make sure you use "vpn-maint-update-system" to properly apply the
changes to the OpenVPN processes!
Let me know if you have any questions!
Regards,
François
[1]
https://github.com/eduvpn/vpn-lib-common/blob/v2/CHANGES.md#223-2020-11-27
[2]
https://github.com/eduvpn/vpn-user-portal/blob/v2/CHANGES.md#236-2020-11-27
[3]
https://github.com/eduvpn/vpn-server-api/blob/v2/CHANGES.md#229-2020-11-27
[4]
https://github.com/eduvpn/vpn-server-node/blob/v2/CHANGES.md#226-2020-11-27
More information about the eduVPN-deploy
mailing list