As of today, 2 devices have had a connection issue after multiple restarts.
Balena OS 3.1.4 and 2.113.15 suddenly have problems setting up a connection with vpn.balena-cloud.com.
The OpenVPN server seems to send the wrong route configuration, causing all kinds of network settings to fail.
```
Mar 14 20:59:13 lazy-stream openvpn[32025]: 2025-03-14 20:59:13 [vpn.balena-cloud.com] Peer Connection Initiated with [AF_INET]44.219.65.162:443
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 SENT CONTROL [vpn.balena-cloud.com]: 'PUSH_REQUEST' (status=1)
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-exit 60,sndbuf 0,rcvbuf 0,route 52.4.252.97,socket-flags TCP_NODELAY,ifconfig 10.240.57.89 52.4.252.97,peer-id 897,cipher AES-128-GCM'
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: timers and/or timeouts modified
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 Socket Buffers: R=[131072->131072] S=[87040->87040]
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: --socket-flags option modified
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 Socket flags: TCP_NODELAY=1 succeeded
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: --ifconfig/up options modified
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: route options modified
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: peer-id set
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: adjusting link_mtu to 1627
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 OPTIONS IMPORT: data channel crypto options modified
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 Data Channel: using negotiated cipher 'AES-128-GCM'
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 Preserving previous TUN/TAP instance: resin-vpn
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 /etc/openvpn-misc/upscript.sh resin-vpn 1500 1555 10.243.56.131 52.4.252.97 restart
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 /sbin/ip route del 52.4.252.97/32
Mar 14 20:59:14 lazy-stream openvpn[34912]: ip: RTNETLINK answers: Operation not permitted
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 ERROR: Linux route delete command failed: external program exited with error status: 2
```
**`route 52.4.252.97`:** This is the problematic route that’s being pushed by the server. It tells the client to add a route to the IP address 52.4.252.97. However, the server did not provide a netmask. Because of this, the client will assume a /32 netmask. Also, because no gateway was provided, the client will attempt to route the traffic directly to the IP address that is provided. This is the root of the problem.
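An added triage example, not part of the original post or of balena's code: it parses the `PUSH_REPLY` line from the log above, fills in each pushed `route` with OpenVPN's documented defaults (netmask 255.255.255.255; gateway from `route-gateway`, otherwise the second `ifconfig` argument on a tun device), and collects route-command failures. The function names and the three-line sample are constructed for illustration, and only literal IPv4 route targets are handled.

```python
import ipaddress
import re

# Constructed sample: three lines copied from the log in the post above.
SAMPLE_LOG = """\
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-exit 60,sndbuf 0,rcvbuf 0,route 52.4.252.97,socket-flags TCP_NODELAY,ifconfig 10.240.57.89 52.4.252.97,peer-id 897,cipher AES-128-GCM'
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 /sbin/ip route del 52.4.252.97/32
Mar 14 20:59:14 lazy-stream openvpn[32025]: 2025-03-14 20:59:14 ERROR: Linux route delete command failed: external program exited with error status: 2
"""

# Stop at the closing quote, whether ASCII or typographic (pasted logs vary).
PUSH_RE = re.compile(r"PUSH_REPLY,([^'\u2019]*)")

def parse_push_reply(line):
    """Return the pushed options as a list of token lists, or None."""
    m = PUSH_RE.search(line)
    if not m:
        return None
    return [opt.split() for opt in m.group(1).split(",") if opt.strip()]

def resolve_routes(options):
    """Apply OpenVPN's defaults to every pushed 'route' option (tun assumed)."""
    ifconfig = next((o for o in options if o[0] == "ifconfig"), None)
    route_gw = next((o[1] for o in options if o[0] == "route-gateway" and len(o) > 1), None)
    default_gw = route_gw or (ifconfig[2] if ifconfig and len(ifconfig) > 2 else None)
    routes = []
    for o in options:
        if o[0] != "route" or len(o) < 2:
            continue
        mask_missing = len(o) < 3 or o[2] == "default"
        gw_missing = len(o) < 4 or o[3] == "default"
        mask = "255.255.255.255" if mask_missing else o[2]
        net = ipaddress.ip_network(f"{o[1]}/{mask}", strict=False)
        routes.append({"network": str(net),
                       "gateway": default_gw if gw_missing else o[3],
                       "mask_defaulted": mask_missing,
                       "gateway_defaulted": gw_missing})
    return routes

def triage(log_text):
    """Summarise pushed routes and route-command failures found in a log."""
    report = {"routes": [], "route_errors": []}
    for line in log_text.splitlines():
        opts = parse_push_reply(line)
        if opts:
            report["routes"] += resolve_routes(opts)
        elif re.search(r"ERROR: Linux route \w+ command failed", line):
            report["route_errors"].append(line.split("ERROR: ", 1)[1])
    return report
```

Running `triage()` over a saved OpenVPN journal from each affected device gives a comparable record of what the server pushed and which route commands the client could not apply.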