openvpn on the device repeatedly resets connection and restarts the service

srik3h-emrit · May 23, 2022, 9:46am

I’m trying to setup openBalena on a VPS.
I’m using a SSL/TLS certificate provided by the VPS provider.

After booting a device (QEMU x86-64) when I run balena devices I see the device listed as below:

ID UUID    DEVICE NAME     DEVICE TYPE FLEET         STATUS IS ONLINE SUPERVISOR VERSION OS VERSION            DASHBOARD URL
1  **<redacted>** frosty-mountain qemux86-64  admin/myfleet Idle   false     12.10.3            balenaOS 2.83.18+rev5 https://dashboard.openbalena-**<redacted>**/devices/**<redacted>**/summary

The device never becomes online.

In trying to debug the issue I found the following messages repeatedly printed in the journalctl logs:

May 23 09:13:28 0512bd9 agetty[1607]: /dev/ttyS1: not a tty
May 23 09:13:29 0512bd9 openvpn[882]: Mon May 23 09:13:29 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 23 09:13:29 0512bd9 openvpn[882]: Mon May 23 09:13:29 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]**<REDACTED_IP_ADDRESS>**:443
May 23 09:13:29 0512bd9 openvpn[882]: Mon May 23 09:13:29 2022 Socket Buffers: R=[131072->131072] S=[16384->16384]
May 23 09:13:29 0512bd9 openvpn[882]: Mon May 23 09:13:29 2022 Attempting to establish TCP connection with [AF_INET]**<REDACTED_IP_ADDRESS>**:443 [nonblock]
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 TCP connection established with [AF_INET]**<REDACTED_IP_ADDRESS>**:443
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 TCP_CLIENT link local: (not bound)
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 TCP_CLIENT link remote: [AF_INET]**<REDACTED_IP_ADDRESS>**:443
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is e>
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 Connection reset, restarting [0]
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 SIGUSR1[soft,connection-reset] received, process restarting
May 23 09:13:30 0512bd9 openvpn[882]: Mon May 23 09:13:30 2022 Restart pause, 20 second(s)

Can you please help me resolve this issue?

alexgg · May 27, 2022, 10:52am

Hi, maybe reading through Balena Device Debugging Masterclass - Balena Documentation will help out.
It sounds that adding the third party certificate to the device by adding a balenaRootCA to config.json would help. See GitHub - balena-os/meta-balena: A collection of Yocto layers used to build balenaOS images and BalenaOS Masterclass - Balena Documentation for details.

pranavpeshwe · June 23, 2022, 11:49am

Hey Srikanth,
Am writing to check whether things worked for you finally? From the logs it appears to be a problem with either the firewall configuration or a transparent proxy intercepting packets destined to TCP port 443. My colleague Alex has already shared appropriate links earlier.

Best regards,
Pranav