SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003269: Openvpn push buffer (512) has been exceeded - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003269Endian FirewallOpenVPN Client and Serverpublic2010-11-08 14:252010-11-22 11:51
Reporterardit-endian 
Assigned Tora-endian 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.3.1 
Target VersionFixed in Version2.4.1 
Summary0003269: Openvpn push buffer (512) has been exceeded
DescriptionCurrently with openvpn 2.1_rc15 we are limited when pushing routes to the client's, and this limit is exceeded when we use *more* routes.

On this firewall (Macro) this message keep parsing on the openvpn logs:

" Maximum length of --push buffer (512) has been exceeded. Send as chunks. Old clients will accept only the last chunk "


Actually the variable PUSH_BUNDLE_SIZE should be set to 2048 (or bigger) on common.h

2.1_rc20 changelog includes:

* Eliminated the limitation on the number of options that can be pushed
  to clients, including routes. Previously, all pushed options needed
  to fit within a 1024 byte options string.

I think you should go for the rc20 (if this don't cause other problems) or above. (2.1.3 stable)
TagsNo tags attached.
Attached Files

- Relationships
related to 0002949closedpeter-endian OpenVPN version is old 2.1rc15 

-  Notes
(0005043)
ardit-endian (developer)
2010-11-08 14:28

PS; the impact is that not all routes are pushed to the client, and this is more evident when on the firewall are connected different users.
(0005044)
ra-endian (administrator)
2010-11-08 14:47

On bigger networks it's better to push only global routes containing a large network like 10.0.0.0/8.
Any connection from clients to 10.X.X.X goes to the vpn concentrator and any smaller network mask overrides the large one.

And you are right,we are working now upgrading openvpn to the latest version.
(0005052)
ra-endian (administrator)
2010-11-09 09:05

We have upgraded openvpn to the latest stable version.

- Issue History
Date Modified Username Field Change
2010-11-08 14:25 ardit-endian New Issue
2010-11-08 14:28 ardit-endian Note Added: 0005043
2010-11-08 14:47 ra-endian Note Added: 0005044
2010-11-08 14:48 ra-endian Assigned To => ra-endian
2010-11-08 14:48 ra-endian Status new => confirmed
2010-11-09 09:05 ra-endian Note Added: 0005052
2010-11-09 09:05 ra-endian Status confirmed => resolved
2010-11-09 09:05 ra-endian Fixed in Version => 2.4.1
2010-11-09 09:05 ra-endian Resolution open => fixed
2010-11-10 09:49 ra-endian Relationship added related to 0002949
2010-11-22 11:51 peter-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker