Steps to reproduce
1. Start the server, create some user and enable VPN Azure
2. Connect to the server directly in admin mode with either server manager or vpncmd
3. Disconnect the admin connection
4. Connect to the VPN Azure hostname with SSTP or SE
✔️ Expected Behavior
VPN connects successfully.
❌ Actual Behavior
The VPN Azure connection immediately after an admin connection is highly likely to fail.
In SSTP, the connection gets shut down immediately after the client sends the first SSTP hello message.
In SE, the connection gets cut after completing SE handshake. If the first connection fails, all additional connections fail too.
The error message in debug mode is
/home/admin/SoftEtherVPN/src/Mayaqua/Network.c 12313 SSL Fatal Error on ASYNC socket !!!
which is right after calling SSL_peek() in SecureRecv().
It turned out that the fatal error is not from SSL_peek() but some leftover in the error queue.
Anything else?
This issue does not affect programs built with OpenSSL 1.1.
The same behavior was observed on stable edition build 9772 (the first build embedding OpenSSL 3.0) but not on build 9760.
It affects connections via VPN Azure only, including the custom VPN Azure service. Direct connections are not affected.
It might be related to a behavior change in OpenSSL 3.0.
On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL, nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the returned error is SSL_ERROR_SSL with a meaningful error on the error stack (SSL_R_UNEXPECTED_EOF_WHILE_READING). https://www.openssl.org/docs/man3.0/man3/SSL_get_error.html
Clearing the error queue before SSL operations seems to fix the problem.
Although I have come up with a workaround, I am not sending this in a PR because there is still something important that remains unknown, e.g. why the bug only affects VPN Azure, why a new connection can be interfered with by an old error.
SSL safety is fundamental to this program and I hope it can be handled carefully and properly.
Are you using SoftEther VPN 5.x?
Version
No response
Component
VPN Server
Operating system & version
Linux
Architecture or Hardware model
No response
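The failure mode reported above, as an added example that is not part of the original report or of SoftEther's code: OpenSSL documents that SSL_get_error() only works reliably when the calling thread's error queue is empty before the I/O call, so a leftover entry turns a harmless "no data yet" into a fatal result. The block is a simplified C model, not OpenSSL source; all `model_*` names and the error value are constructed, and it assumes the leftover is the unexpected-EOF error and that both operations run on the same thread.

```c
#include <stdio.h>

/* Simplified model of the behaviour, NOT OpenSSL source. Every model_* name
 * and the error value below are constructed for this illustration. */
enum { M_ERROR_NONE, M_ERROR_SSL, M_ERROR_WANT_READ };
#define M_UNEXPECTED_EOF 1UL
#define QUEUE_MAX 16
/* OpenSSL keeps one error queue per thread, not one per SSL object. */
static _Thread_local unsigned long err_queue[QUEUE_MAX];
static _Thread_local int err_count;

static void model_raise(unsigned long code) { if (err_count < QUEUE_MAX) err_queue[err_count++] = code; }
/* Stands in for ERR_clear_error(). */
static void model_clear_error(void) { err_count = 0; }

typedef struct { int bytes_ready; int peer_closed; } model_conn;
/* Stands in for SSL_peek() on a non-blocking socket. */
static int model_peek(model_conn *c) {
    if (c->peer_closed) { model_raise(M_UNEXPECTED_EOF); return -1; }
    if (c->bytes_ready > 0) return c->bytes_ready;
    return -1; /* nothing to read yet: fails without queueing an error */
}

/* Stands in for SSL_get_error(): any queued error outranks "want read". */
static int model_get_error(int ret) {
    if (ret > 0) return M_ERROR_NONE;
    if (err_count > 0) return M_ERROR_SSL;
    return M_ERROR_WANT_READ;
}

/* Receive path shaped like SecureRecv(); clear_first enables the workaround. */
static int model_recv(model_conn *c, int clear_first) {
    if (clear_first) model_clear_error();
    return model_get_error(model_peek(c));
}

/* Connection A hits EOF, then connection B on the same thread has no data yet. */
static int scenario(int clear_first) {
    model_conn a = { 0, 1 }, b = { 0, 0 };
    model_clear_error();
    model_recv(&a, clear_first);
    return model_recv(&b, clear_first);
}

int main(void) {
    printf("no clearing: %d, clearing first: %d\n", scenario(0), scenario(1));
    return 0;
}
```

Without clearing, connection B is classified as a fatal SSL error although its own peek queued nothing; with the queue cleared before the call, the same peek is classified as "want read".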