openvpn crashes on OSX 10.10 Yosemite

Post by berne » Thu Nov 27, 2014 6:39 pm
After authenticating to the VPN server Viscosity fails. It says that ifconfig failed. I noticed that in fact the openvpn process is crashing after forking (in child side) before exec'ing ifconfig due to a SEGV.

This occurs when using the GUI or when running /Applications/Viscosity.app/Contents/MacOS/openvpn from the command line.

I also see this in /var/log/system.log:
Code:
Nov 27 17:27:49 <removed> com.sparklabs.ViscosityHelper[1333]: Invalid command
Nov 27 17:27:49 <removed> configd[25]: *** Non-configd process (pid=1333) attempting to modify "Setup:/Network/Service/com.sparklabs.Viscosity.tun0" ***

Viscosity version 1.5.2 (1242)
OS: Apple OS X 10.10 Yosemite

OpenVPN Log
Code:
Nov 27 17:22:28: Viscosity Mac 1.5.2 (1242)
Nov 27 17:22:28: Viscosity OpenVPN Engine Started
Nov 27 17:22:28: Running on Mac OS X 10.10
Nov 27 17:22:28: ---------
Nov 27 17:22:28: Checking reachability status of connection...
Nov 27 17:22:29: Connection is reachable. Starting connection attempt.
Nov 27 17:22:32: OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 16 2014
Nov 27 17:22:32: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Nov 27 17:22:43: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC/lib/opensc-pkcs11.so'
Nov 27 17:22:45: UDPv4 link local: [undef]
Nov 27 17:22:45: UDPv4 link remote: [AF_INET]<removed>
Nov 27 17:22:45: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 27 17:22:57: [server] Peer Connection Initiated with [AF_INET]<removed>
Nov 27 17:22:59: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Nov 27 17:22:59: TUN/TAP device /dev/tun0 opened
Nov 27 17:22:59: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 27 17:22:59: /sbin/ifconfig tun0 delete
Nov 27 17:23:01: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Nov 27 17:23:01: /sbin/ifconfig tun0 <removed> <removed> mtu 1500 netmask 255.255.255.255 up
Nov 27 17:23:02: Mac OS X ifconfig failed: external program did not exit normally
Nov 27 17:24:40: Viscosity Mac 1.5.2 (1242)
Nov 27 17:24:40: Viscosity OpenVPN Engine Started
Nov 27 17:24:40: Running on Mac OS X 10.10
Nov 27 17:24:40: ---------
Nov 27 17:24:40: Checking reachability status of connection...
Nov 27 17:24:41: Connection is reachable. Starting connection attempt.
Nov 27 17:24:43: OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 16 2014
Nov 27 17:24:43: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Nov 27 17:24:54: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC/lib/opensc-pkcs11.so'
Nov 27 17:24:56: UDPv4 link local: [undef]
Nov 27 17:24:56: UDPv4 link remote: [AF_INET]<removed>
Nov 27 17:24:56: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 27 17:25:02: [server] Peer Connection Initiated with [AF_INET]<removed>
Nov 27 17:25:04: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Nov 27 17:25:04: TUN/TAP device /dev/tun0 opened
Nov 27 17:25:04: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 27 17:25:04: /sbin/ifconfig tun0 delete
Nov 27 17:25:07: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Nov 27 17:25:07: /sbin/ifconfig tun0 <removed> <removed> mtu 1500 netmask 255.255.255.255 up
Nov 27 17:25:08: Mac OS X ifconfig failed: external program did not exit normally
Nov 27 17:26:39: Viscosity Mac 1.5.2 (1242)
Nov 27 17:26:39: Viscosity OpenVPN Engine Started
Nov 27 17:26:39: Running on Mac OS X 10.10
Nov 27 17:26:39: ---------
Nov 27 17:26:39: Checking reachability status of connection...
Nov 27 17:26:40: Connection is reachable. Starting connection attempt.
Nov 27 17:26:44: OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 16 2014
Nov 27 17:26:44: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Nov 27 17:27:12: Viscosity Mac 1.5.2 (1242)
Nov 27 17:27:12: Viscosity OpenVPN Engine Started
Nov 27 17:27:12: Running on Mac OS X 10.10
Nov 27 17:27:12: ---------
Nov 27 17:27:12: Checking reachability status of connection...
Nov 27 17:27:13: Connection is reachable. Starting connection attempt.
Nov 27 17:27:17: OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 16 2014
Nov 27 17:27:17: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Nov 27 17:27:28: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC/lib/opensc-pkcs11.so'
Nov 27 17:27:30: UDPv4 link local: [undef]
Nov 27 17:27:30: UDPv4 link remote: [AF_INET]<removed>
Nov 27 17:27:30: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 27 17:27:42: [server] Peer Connection Initiated with [AF_INET]<removed>
Nov 27 17:27:44: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Nov 27 17:27:44: TUN/TAP device /dev/tun0 opened
Nov 27 17:27:44: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 27 17:27:44: /sbin/ifconfig tun0 delete
Nov 27 17:27:48: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Nov 27 17:27:48: /sbin/ifconfig tun0 <removed> <removed> mtu 1500 netmask 255.255.255.255 up
Nov 27 17:27:49: Mac OS X ifconfig failed: external program did not exit normally

Crash Report
Code:
Process:               openvpn [452]
Path:                  /Library/Application Support/Viscosity/openvpn
Identifier:            openvpn
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        openvpn [450]
Responsible:           com.sparklabs.ViscosityHelper [351]
User ID:               0

Date/Time:             2014-11-25 20:56:56.035 +1100
OS Version:            Mac OS X 10.10 (14A389)
Report Version:        11
Anonymous UUID:        751DF87C-009E-4000-580A-ACC7D1C6A0EF

Sleep/Wake UUID:       353F94E5-9F6E-472A-A4AE-EDB2FC56D7CD

Time Awake Since Boot: 5200 seconds

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000110

VM Regions Near 0x110:
--> 
    __TEXT                 000000010fd2e000-000000010ff34000 [ 2072K] r-x/rwx SM=COW  /Library/Application Support/Viscosity/*

Application Specific Information:
crashed on child side of fork pre-exec

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libdispatch.dylib             	0x00007fff930055d2 _dispatch_queue_wakeup_with_qos_slow + 525
1   libdispatch.dylib             	0x00007fff930055f8 _dispatch_queue_wakeup_with_qos_slow + 563
2   libdispatch.dylib             	0x00007fff92ffacfc _dispatch_mach_msg_send + 1690
3   libdispatch.dylib             	0x00007fff92ffa5e4 dispatch_mach_send + 326
4   libxpc.dylib                  	0x00007fff919a38b1 _xpc_connection_send_message_with_reply_f + 125
5   libxpc.dylib                  	0x00007fff919a37c2 xpc_connection_send_message_with_reply_sync + 185
6   com.apple.pcsc                	0x0000000110038c5b transact + 604
7   com.apple.pcsc                	0x00000001100396b7 SCardDisconnect + 84
8   libopensc.3.dylib             	0x000000011065043b pcsc_disconnect + 107
9   libopensc.3.dylib             	0x0000000110611632 sc_disconnect_card + 274
10  opensc-pkcs11.so              	0x000000011000a7c6 card_removed + 278
11  opensc-pkcs11.so              	0x0000000110002d0a C_Finalize + 234
12  opensc-pkcs11.so              	0x0000000110002965 C_Initialize + 53
13  openvpn                       	0x000000010fe9d731 __pkcs11h_forkFixup + 183
14  openvpn                       	0x000000010fe9d667 __pkcs11h_threading_atfork_child + 61
15  libsystem_pthread.dylib       	0x00007fff8f4dd0bf _pthread_fork_child_postinit + 69
16  libsystem_c.dylib             	0x00007fff9275a0c8 fork + 29
17  openvpn                       	0x000000010fd47bed openvpn_execve + 109
18  openvpn                       	0x000000010fd47b02 openvpn_execve_check + 33
19  openvpn                       	0x000000010fd84310 do_ifconfig + 340
20  openvpn                       	0x000000010fd3ccbe do_open_tun + 1043
21  openvpn                       	0x000000010fd3c36d do_up + 87
22  openvpn                       	0x000000010fd6e43a incoming_push_message + 138
23  openvpn                       	0x000000010fd36de2 check_incoming_control_channel_dowork + 295
24  openvpn                       	0x000000010fd39402 pre_select + 1253
25  openvpn                       	0x000000010fd54b9a main + 336
26  openvpn                       	0x000000010fd2f634 start + 52

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x00007f9478d017d0  rcx: 0x0000000000000100  rdx: 0x0000000000000000
  rdi: 0x00007f9478c30030  rsi: 0x0000000000000001  rbp: 0x00007fff4fed0600  rsp: 0x00007fff4fed05d0
   r8: 0x0000000000000006   r9: 0x00000000fffffff0  r10: 0x0000000000000004  r11: 0x00007f9478d00000
  r12: 0x0000000000000000  r13: 0x00007f9478c30030  r14: 0x0000000000000800  r15: 0x00007fff7ca33bc0
  rip: 0x00007fff930055d2  rfl: 0x0000000000010206  cr2: 0x0000000000000110
  
Logical CPU:     0
Error Code:      0x00000006
Trap Number:     14


Binary Images:
       0x10fd2e000 -        0x10ff33fff +openvpn (???) <DD4AF181-DB48-344A-991E-9BC5CBC060A7> /Library/Application Support/Viscosity/openvpn
       0x110002000 -        0x11002cfff +opensc-pkcs11.so (0) <CB1CEDBA-E75B-36D9-A86E-400051FAE0BF> /Library/OpenSC/*/opensc-pkcs11.so
       0x110038000 -        0x110041ff7  com.apple.pcsc (8.0 - 1) <D2049B5D-7C84-30F4-9116-24D9847FDA5C> /System/Library/Frameworks/PCSC.framework/PCSC
       0x110600000 -        0x1107fdfff +libopensc.3.dylib (0) <46468334-C135-3D0F-8A26-16E884D28B2B> /Library/OpenSC/*/libopensc.3.dylib
    0x7fff618a7000 -     0x7fff618dd837  dyld (353.2.1) <4696A982-1500-34EC-9777-1EF7A03E2659> /usr/lib/dyld
    0x7fff8bf21000 -     0x7fff8bf59ffb  libsystem_network.dylib (411) <C0B2313D-47BE-38A9-BEE6-2634A4F5E14B> /usr/lib/system/libsystem_network.dylib
    0x7fff8c4c6000 -     0x7fff8c51afff  libc++.1.dylib (120) <1B9530FD-989B-3174-BB1C-BDC159501710> /usr/lib/libc++.1.dylib
    0x7fff8cf19000 -     0x7fff8cf1eff7  libunwind.dylib (35.3) <BE7E51A0-B6EA-3A54-9CCA-9D88F683A6D6> /usr/lib/system/libunwind.dylib
    0x7fff8cff8000 -     0x7fff8cff9ff7  libsystem_blocks.dylib (65) <9615D10A-FCA7-3BE4-AA1A-1B195DACE1A1> /usr/lib/system/libsystem_blocks.dylib
    0x7fff8d011000 -     0x7fff8d03cfff  libc++abi.dylib (125) <88A22A0F-87C6-3002-BFBA-AC0F2808B8B9> /usr/lib/libc++abi.dylib
    0x7fff8d2c9000 -     0x7fff8d2e5ff7  libsystem_malloc.dylib (53.1.1) <19BCC257-5717-3502-A71F-95D65AFA861B> /usr/lib/system/libsystem_malloc.dylib
    0x7fff8e0be000 -     0x7fff8e0c5ff7  libcompiler_rt.dylib (35) <BF8FC133-EE10-3DA6-9B90-92039E28678F> /usr/lib/system/libcompiler_rt.dylib
    0x7fff8f22a000 -     0x7fff8f232ffb  libcopyfile.dylib (118.1.2) <0C68D3A6-ACDD-3EF3-991A-CC82C32AB836> /usr/lib/system/libcopyfile.dylib
    0x7fff8f4d6000 -     0x7fff8f4dffff  libsystem_pthread.dylib (105.1.4) <26B1897F-0CD3-30F3-B55A-37CB45062D73> /usr/lib/system/libsystem_pthread.dylib
    0x7fff8f5b5000 -     0x7fff8f94bfff  com.apple.CoreFoundation (6.9 - 1151.16) <F2B088AF-A5C6-3FAE-9EB4-7931AF6359E4> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x7fff904ff000 -     0x7fff90575fe7  libcorecrypto.dylib (233.1.2) <E1789801-3985-3949-B736-6B3378873301> /usr/lib/system/libcorecrypto.dylib
    0x7fff907b1000 -     0x7fff907b3ff7  libsystem_coreservices.dylib (9) <41B7C578-5A53-31C8-A96F-C73E030B0938> /usr/lib/system/libsystem_coreservices.dylib
    0x7fff907b4000 -     0x7fff907e4fff  libsystem_m.dylib (3086.1) <1E12AB45-6D96-36D0-A226-F24D9FB0D9D6> /usr/lib/system/libsystem_m.dylib
    0x7fff907e5000 -     0x7fff907e5ff7  libunc.dylib (29) <5676F7EA-C1DF-329F-B006-D2C3022B7D70> /usr/lib/system/libunc.dylib
    0x7fff90925000 -     0x7fff90942ffb  libresolv.9.dylib (57) <26B38E61-298A-3C3A-82C1-3B5E98AD5E29> /usr/lib/libresolv.9.dylib
    0x7fff9156f000 -     0x7fff9156fff7  libkeymgr.dylib (28) <77845842-DE70-3CC5-BD01-C3D14227CED5> /usr/lib/system/libkeymgr.dylib
    0x7fff91607000 -     0x7fff91608ffb  libremovefile.dylib (35) <3485B5F4-6CE8-3C62-8DFD-8736ED6E8531> /usr/lib/system/libremovefile.dylib
    0x7fff9199a000 -     0x7fff919c2fff  libxpc.dylib (559.1.22) <9437C02E-A07B-38C8-91CB-299FAA63083D> /usr/lib/system/libxpc.dylib
    0x7fff9274a000 -     0x7fff927d6fff  libsystem_c.dylib (1044.1.2) <C185E862-7424-3210-B528-6B822577A4B8> /usr/lib/system/libsystem_c.dylib
    0x7fff92916000 -     0x7fff92927ff7  libz.1.dylib (55) <88C7C7DE-04B8-316F-8B74-ACD9F3DE1AA1> /usr/lib/libz.1.dylib
    0x7fff92ff3000 -     0x7fff9301dff7  libdispatch.dylib (442.1.4) <502CF32B-669B-3709-8862-08188225E4F0> /usr/lib/system/libdispatch.dylib
    0x7fff93026000 -     0x7fff9302efff  libsystem_platform.dylib (63) <64E34079-D712-3D66-9CE2-418624A5C040> /usr/lib/system/libsystem_platform.dylib
    0x7fff93e5d000 -     0x7fff93e5efff  libDiagnosticMessagesClient.dylib (100) <2EE8E436-5CDC-34C5-9959-5BA218D507FB> /usr/lib/libDiagnosticMessagesClient.dylib
    0x7fff95a99000 -     0x7fff95aa1fff  libsystem_dnssd.dylib (561.1.1) <62B70ECA-E40D-3C63-896E-7F00EC386DDB> /usr/lib/system/libsystem_dnssd.dylib
    0x7fff95f64000 -     0x7fff95f64ff7  liblaunch.dylib (559.1.22) <8A988924-8BE7-35FE-BF7D-322E90EFE49E> /usr/lib/system/liblaunch.dylib
    0x7fff95f65000 -     0x7fff95f6bfff  libsystem_trace.dylib (72.1.3) <A9E6B7D8-C327-3742-AC54-86C94218B1DF> /usr/lib/system/libsystem_trace.dylib
    0x7fff973d3000 -     0x7fff973d4fff  libsystem_secinit.dylib (18) <581DAD0F-6B63-3A48-B63B-917AF799ABAA> /usr/lib/system/libsystem_secinit.dylib
    0x7fff97568000 -     0x7fff97590fff  libsystem_info.dylib (459) <B85A85D5-8530-3A93-B0C3-4DEC41F79478> /usr/lib/system/libsystem_info.dylib
    0x7fff97591000 -     0x7fff97593ff7  libquarantine.dylib (76) <DC041627-2D92-361C-BABF-A869A5C72293> /usr/lib/system/libquarantine.dylib
    0x7fff97594000 -     0x7fff97677fff  libcrypto.0.9.8.dylib (52) <7208EEE2-C090-383E-AADD-7E1BD1321BEC> /usr/lib/libcrypto.0.9.8.dylib
    0x7fff97678000 -     0x7fff9767cfff  libcache.dylib (69) <45E9A2E7-99C4-36B2-BEE3-0C4E11614AD1> /usr/lib/system/libcache.dylib
    0x7fff97727000 -     0x7fff9773dff7  libsystem_asl.dylib (267) <F153AC5B-0542-356E-88C8-20A62CA704E2> /usr/lib/system/libsystem_asl.dylib
    0x7fff9775e000 -     0x7fff97764ff7  libsystem_networkextension.dylib (167.1.10) <29AB225B-D7FB-30ED-9600-65D44B9A9442> /usr/lib/system/libsystem_networkextension.dylib
    0x7fff97881000 -     0x7fff9788aff7  libsystem_notify.dylib (133.1.1) <61147800-F320-3DAA-850C-BADF33855F29> /usr/lib/system/libsystem_notify.dylib
    0x7fff97a4b000 -     0x7fff97a4dff7  libsystem_sandbox.dylib (358.1.1) <DB9962EF-8898-31CC-9B87-E01F8CE74C9D> /usr/lib/system/libsystem_sandbox.dylib
    0x7fff97a96000 -     0x7fff97adcff7  libauto.dylib (186) <A260789B-D4D8-316A-9490-254767B8A5F1> /usr/lib/libauto.dylib
    0x7fff97c7f000 -     0x7fff97c81fff  libsystem_configuration.dylib (699.1.5) <9FBA1CE4-97D0-347E-A443-93ED94512E92> /usr/lib/system/libsystem_configuration.dylib
    0x7fff97cee000 -     0x7fff97ed3ff3  libicucore.A.dylib (531.30) <EF0E7544-E317-3550-A962-6AE65E78AF17> /usr/lib/libicucore.A.dylib
    0x7fff98775000 -     0x7fff9877aff7  libmacho.dylib (862) <126CA2ED-DE91-308F-8881-B9DAEC3C63B6> /usr/lib/system/libmacho.dylib
    0x7fff9877c000 -     0x7fff9877dfff  com.apple.TrustEvaluationAgent (2.0 - 25) <2D61A2C3-C83E-3A3F-8EC1-736DBEC250AB> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent
    0x7fff98a81000 -     0x7fff98a84ff7  libdyld.dylib (353.2.1) <19FAF435-C165-3374-9DEF-D7BBA7D61DB6> /usr/lib/system/libdyld.dylib
    0x7fff98c93000 -     0x7fff98c94fff  libSystem.B.dylib (1213) <DA954461-EC6A-3DF0-8551-6FC810627627> /usr/lib/libSystem.B.dylib
    0x7fff98f7e000 -     0x7fff98f8fff7  libsystem_coretls.dylib (35.1.2) <EBBF7EF6-80D8-3F8F-825C-B412BD6D22C0> /usr/lib/system/libsystem_coretls.dylib
    0x7fff99b81000 -     0x7fff99b9efff  libsystem_kernel.dylib (2782.1.97) <93E0E0A9-75B6-3904-BB4E-4BC7C05F4B6B> /usr/lib/system/libsystem_kernel.dylib
    0x7fff99f3d000 -     0x7fff99f48fff  libcommonCrypto.dylib (60061) <D381EBC6-69D8-31D3-8084-5A80A32CB748> /usr/lib/system/libcommonCrypto.dylib
    0x7fff9a78b000 -     0x7fff9a78ffff  libsystem_stats.dylib (163.1.4) <1DB04436-5974-3F16-86CC-5FF5F390339C> /usr/lib/system/libsystem_stats.dylib
    0x7fff9a8ad000 -     0x7fff9aa92267  libobjc.A.dylib (646) <3B60CD90-74A2-3A5D-9686-B0772159792A> /usr/lib/libobjc.A.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 1279
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=87.1M resident=26.1M(30%) swapped_out_or_unallocated=61.0M(70%)
Writable regions: Total=32.1M written=268K(1%) resident=2772K(8%) swapped_out=0K(0%) unallocated=29.4M(92%)
 
REGION TYPE                      VIRTUAL
===========                      =======
Dispatch continuations             4096K
Kernel Alloc Once                     4K
MALLOC                             18.2M
MALLOC (admin)                       16K
MALLOC_LARGE (reserved)             256K        reserved VM address space (unallocated)
STACK GUARD                        56.0M
Stack                              9316K
VM_ALLOCATE                          28K
__DATA                             1644K
__LINKEDIT                         70.6M
__TEXT                             16.5M
__UNICODE                           544K
shared memory                         4K
===========                      =======
TOTAL                             176.9M
TOTAL, minus reserved VM space    176.6M
 
 
Please help resolve this.

This seems similar to http://www.sparklabs.com/forum/viewtopic.php?f=3&t=1665

I never see the tun0 interface come up. I tried
Code:
while true; do ifconfig tun0; sleep 0.5; done

in a terminal whilst bringing up the VPN in another terminal but I only ever got
Code:
ifconfig: interface tun0 does not exist

They mention running a beta, but I don't see where I can download betas to see if this issue has already been fixed.

Post by James » Fri Nov 28, 2014 12:11 am
Hi berne,

Thanks for posting your debugging information: it appears it is the OpenSC driver that is crashing (as it is loaded by OpenVPN the openvpn process is also taken down). I'd recommend getting in touch with the OpenSC team to see if they have any solutions for you. The following portion of the crash log would most likely help them:
Code:
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000110

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libdispatch.dylib                0x00007fff930055d2 _dispatch_queue_wakeup_with_qos_slow + 525
1   libdispatch.dylib                0x00007fff930055f8 _dispatch_queue_wakeup_with_qos_slow + 563
2   libdispatch.dylib                0x00007fff92ffacfc _dispatch_mach_msg_send + 1690
3   libdispatch.dylib                0x00007fff92ffa5e4 dispatch_mach_send + 326
4   libxpc.dylib                     0x00007fff919a38b1 _xpc_connection_send_message_with_reply_f + 125
5   libxpc.dylib                     0x00007fff919a37c2 xpc_connection_send_message_with_reply_sync + 185
6   com.apple.pcsc                   0x0000000110038c5b transact + 604
7   com.apple.pcsc                   0x00000001100396b7 SCardDisconnect + 84
8   libopensc.3.dylib                0x000000011065043b pcsc_disconnect + 107
9   libopensc.3.dylib                0x0000000110611632 sc_disconnect_card + 274

I'm afraid there is nothing we can do about it from our end: the problem lies in the PKCS#11 driver being used. If you have a commercial token/smartcard it might be worth checking if there are any official drivers for Mac OS X that you can use as an alternative.

The following post by a user during the Yosemite beta may also be relevant: they had to edit the OpenSC driver to stop it crashing under Yosemite. The same fix may need to be used.
http://www.sparklabs.com/forum/viewtopi ... 4581#p4581

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Post by berne » Sat Nov 29, 2014 7:25 pm
I tried to comment out the bit of code you pointed me to that dirkx mentions in the opensc-devel mailing list
Code:
int sc_release_context(sc_context_t *ctx)
	...
	if (ctx->reader_driver->ops->finish != NULL)
		ctx->reader_driver->ops->finish(ctx);

I found it in two places, and did it in both because I wasn't 100% sure which file was going into the final build, so to be sure I did both. Regardless the issue remained.

After lots of mucking around downloading and compiling the various pieces I managed to get this working with a manually compiled openvpn. I haven't yet managed to get it working with Viscosity.

I compiled my own openvpn, OpenSC, and pkcs11-helper. These are the versions I used: -

openvpn a$ git branch -v
* master 65eedc3 Peer-id patch v7

OpenSC a$ git branch -v
* master 8aadbbd Merge pull request #332 from Ecordonnier-theobroma/westcos-tool

(This pulls in some other GIT repos automagically)
engine_pkcs11 a$ git branch -v
* master 5abdc7e Merge pull request #6 from alonbl/build
ibp11 a$ git branch -v
* master ab6306e Merge pull request #5 from alonbl/build
OpenSC.tokend a$ git branch -v
* master fcb2c7c Merge pull request #6 from metsma/removeworld

pkcs11-helper a$ git branch -v
* (detached from e7adf8f) e7adf8f pkcs11-helper-1.11
(I had to go backwards because of compile errors in HEAD)

With pkcs11-helper I configured it to disable threading and slotevent. This made openvpn work without crashing after forking when trying to configure the (u)tun interface. Before with default ./configure I would get the same crash in libdispatch (GCD).

Also a correction to earlier, the utun0 interface was coming up, I was looking for tun0, but it is actually utun0. It comes up very briefly before OpenVPN crashes.

I think that the openvpn that comes with Viscosity is not using my custom built pkcs11-helper library. Actually I just attached lldb and it does seem to be using my libpkcs11-helper. I'm not sure why it still gets the same crash. I'm missing something (I'm making a mistake / not understanding something that's going on).

I'll play around some more and see if I can make Viscosity's GUI work by using my compiled version of openvpn and/or making sure it's using the other components I compiled (OpenSC, libpkcs11-helper, etc).

I'm very glad to at least have this working on OS X Yosemite. I can live without a GUI for now, although it would be nice.

I'm not sure where the best place is to report this bug, I'm not exactly sure which component it is that is most at fault. Can you help me identify which project I should send this bug report to?

I'm guessing libpkcs11-helper, since disabling threading and slotevent fixed the issue, although maybe it is the victim and I'm just avoiding the problem. Maybe OpenVPN or OpenSC is not being thread-safe... I don't understand the internals enough to properly diagnose it.
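
The backtrace in the crash report from the first post can be read mechanically from the fork() frame upward, which shows which code ran in the forked child before the fault and which image handed control to which. The following is an added example, not code from any poster or from the projects discussed; the function names (crashed_thread_frames, triage) are illustrative, and the embedded frames are copied from that crash report.

```python
import re
from itertools import groupby
from typing import Dict, List, NamedTuple

# Frames 0-19 of the crashed thread, copied from the crash report in the first
# post; the deeper openvpn frames are omitted because they do not affect the result.
CRASH_EXCERPT = """\
Application Specific Information:
crashed on child side of fork pre-exec

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libdispatch.dylib             0x00007fff930055d2 _dispatch_queue_wakeup_with_qos_slow + 525
1   libdispatch.dylib             0x00007fff930055f8 _dispatch_queue_wakeup_with_qos_slow + 563
2   libdispatch.dylib             0x00007fff92ffacfc _dispatch_mach_msg_send + 1690
3   libdispatch.dylib             0x00007fff92ffa5e4 dispatch_mach_send + 326
4   libxpc.dylib                  0x00007fff919a38b1 _xpc_connection_send_message_with_reply_f + 125
5   libxpc.dylib                  0x00007fff919a37c2 xpc_connection_send_message_with_reply_sync + 185
6   com.apple.pcsc                0x0000000110038c5b transact + 604
7   com.apple.pcsc                0x00000001100396b7 SCardDisconnect + 84
8   libopensc.3.dylib             0x000000011065043b pcsc_disconnect + 107
9   libopensc.3.dylib             0x0000000110611632 sc_disconnect_card + 274
10  opensc-pkcs11.so              0x000000011000a7c6 card_removed + 278
11  opensc-pkcs11.so              0x0000000110002d0a C_Finalize + 234
12  opensc-pkcs11.so              0x0000000110002965 C_Initialize + 53
13  openvpn                       0x000000010fe9d731 __pkcs11h_forkFixup + 183
14  openvpn                       0x000000010fe9d667 __pkcs11h_threading_atfork_child + 61
15  libsystem_pthread.dylib       0x00007fff8f4dd0bf _pthread_fork_child_postinit + 69
16  libsystem_c.dylib             0x00007fff9275a0c8 fork + 29
17  openvpn                       0x000000010fd47bed openvpn_execve + 109
18  openvpn                       0x000000010fd47b02 openvpn_execve_check + 33
19  openvpn                       0x000000010fd84310 do_ifconfig + 340

Thread 0 crashed with X86 Thread State (64-bit):
"""

# One backtrace line: index, image name, load address, "symbol + offset".
FRAME_RE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<image>\S.*?)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?) \+ (?P<off>\d+)\s*$"
)


class Frame(NamedTuple):
    index: int
    image: str
    symbol: str


def crashed_thread_frames(report: str) -> List[Frame]:
    """Return the crashed thread's frames, innermost (frame 0) first."""
    frames: List[Frame] = []
    in_thread = False
    for line in report.splitlines():
        if re.match(r"^Thread \d+ Crashed", line):
            in_thread = True
            continue
        if in_thread:
            m = FRAME_RE.match(line)
            if not m:
                break  # a blank line or the next section ends the backtrace
            frames.append(Frame(int(m["idx"]), m["image"].strip(), m["symbol"]))
    return frames


def triage(report: str) -> Dict[str, object]:
    """Summarise what ran in the forked child between fork() and the fault."""
    frames = crashed_thread_frames(report)
    out: Dict[str, object] = {
        "fork_child_pre_exec": "crashed on child side of fork pre-exec" in report,
        "faulting_frame": None,
        "fork_caller": None,
        "atfork_handler": None,
        "image_chain": [],
    }
    if not frames:
        return out
    out["faulting_frame"] = (frames[0].image, frames[0].symbol)
    fork_pos = next((i for i, f in enumerate(frames) if f.symbol == "fork"), None)
    if fork_pos is None:
        return out  # the fault did not happen underneath fork()
    if fork_pos + 1 < len(frames):
        caller = frames[fork_pos + 1]
        out["fork_caller"] = (caller.image, caller.symbol)
    # Frames above fork() ran in the child; reverse them into call order.
    child = list(reversed(frames[:fork_pos]))
    # Skip the libsystem trampoline that invokes the registered atfork handlers.
    while child and child[0].image.startswith("libsystem_"):
        child.pop(0)
    if child:
        out["atfork_handler"] = (child[0].image, child[0].symbol)
        # Collapse consecutive frames per image to get the hand-off order.
        out["image_chain"] = [image for image, _ in groupby(f.image for f in child)]
    return out


if __name__ == "__main__":
    for key, value in triage(CRASH_EXCERPT).items():
        print(f"{key}: {value}")
```

On this report the child-side chain starts at __pkcs11h_threading_atfork_child inside the openvpn image and passes through opensc-pkcs11.so, libopensc.3.dylib, com.apple.pcsc and libxpc.dylib before faulting in libdispatch.dylib.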

Post by James » Mon Dec 01, 2014 8:09 am
Hi berne,
berne wrote:
After lots of mucking around downloading and compiling the various pieces I managed to get this working with a manually compiled openvpn. I haven't yet managed to get it working with Viscosity.
Viscosity's copy of the OpenVPN binary lives at "/Library/Application Support/Viscosity/openvpn". You can replace this with your own build, you'll just need to ensure the permissions exactly match (otherwise Viscosity will overwrite it).
berne wrote:
I'm not sure where the best place is to report this bug, I'm not exactly sure which component it is that is most at fault. Can you help me identify which project I should send this bug report to?
I would recommend throwing up a new issue for the OpenSC project. They are also the maintainers of the pkcs11-helper project, and so they can direct it as required:
https://github.com/OpenSC/OpenSC/issues

Your build setting changes are interesting - we'll do some more looking into it on our end. However as we know Viscosity is being used with a number of other PKCS#11 drivers/devices without issue I think we'd be reluctant to make any rash changes on the off chance they break compatibility with currently working devices.

Cheers,
James

Post by berne » Tue Dec 02, 2014 9:09 am
Thanks for the help James.
James wrote:
Viscosity's copy of the OpenVPN binary lives at "/Library/Application Support/Viscosity/openvpn". You can replace this with your own build, you'll just need to ensure the permissions exactly match (otherwise Viscosity will overwrite it).
I saw that. I'm going to try to get the Viscosity GUI to work. I expected when my pkcs11-helper was used that it would work, but there must be more differences in the mix that's important. I'll post again once I have worked it out.
James wrote:
I would recommend throwing up a new issue for the OpenSC project. They are also the maintainers of the pkcs11-helper project, and so they can direct it as required:
https://github.com/OpenSC/OpenSC/issues
I've posted the issue to OpenSC's github page.
https://github.com/OpenSC/OpenSC/issues/333
James wrote:
Your build setting changes are interesting - we'll do some more looking into it on our end. However as we know Viscosity is being used with a number of other PKCS#11 drivers/devices without issue I think we'd be reluctant to make any rash changes on the off chance they break compatibility with currently working devices.
That sounds reasonable. I would want to wait for the root-cause to be fully diagnosed and understood before rolling out changes.

Post by crashdump » Tue Dec 02, 2014 10:06 am
Thank you Berne, I managed to build a working OpenVPN based on your work and I am now able to connect from a shell!

Note that I did not comment out anything in the last revision of OpenSC – The only thing I did was to build pkcs11-helper with "--disable-slotevent" and "--disable-threading".
Code:
$ brew install lzo snappy libtool openssl
$ brew install --HEAD opensc
$ brew edit pkcs11-helper

The command above opens your favourite editor, just add "--disable-slotevent" and "--disable-threading" to "./configure" then save and quit.
Code:
$ brew install --HEAD pkcs11-helper
$ git clone git://github.com/OpenVPN/openvpn.git openvpn && cd openvpn
$ autoreconf -vif 
$ PKCS11_HELPER_CFLAGS="-I/usr/local/Cellar/pkcs11-helper/HEAD/include" \
  PKCS11_HELPER_LIBS="-L/usr/local/Cellar/pkcs11-helper/HEAD/lib" \
  CPPFLAGS="-I/usr/local/opt/openssl/include" \
  LDFLAGS="-L/usr/local/opt/openssl/lib -lpkcs11-helper" \
  ./configure --enable-pkcs11  --enable-ssl --enable-password-save
$ make
$ sudo mv /Library/Application\ Support/Viscosity/openvpn /Library/Application\ Support/Viscosity/openvpn.old
$ sudo cp src/openvpn/openvpn /Library/Application\ Support/Viscosity/openvpn
$ sudo chmod 755 /Library/Application\ Support/Viscosity/openvpn

Make sure the PKCS#11 provider in configuration file points to "/usr/local/lib/opensc-pkcs11.so".

This does work when I establish the connection through the Terminal but not with Viscosity. It just disconnects immediately, I don't know why.

Post by berne » Tue Dec 02, 2014 10:58 pm
You're most welcome crashdump. In a way I'm glad I'm not the only one hitting this issue as it means I'm not alone, and the more people working on it, discovering things and posting their findings the better. It also adds more weight to the issue so hopefully it will get properly resolved, although I wish none of us had this problem.
crashdump wrote:
Note that I did not comment out anything in the last revision of OpenSC – The only thing I did was to build pkcs11-helper with "--disable-slotevent" and "--disable-threading".
That's good to know definitely. When it didn't fix the issue I suspected it was probably not necessary, but I hadn't tested the theory. I since have and got the same results as you.

Thanks for posting the brew solution, it's a nicer solution than obtaining everything from git and building it. Following my method I have opensc-pkcs11.so in a different location, shown below, the latter two are symlinks to the first.
Code:
$ locate opensc-pkcs11.so
/Library/OpenSC/lib/opensc-pkcs11.so
/Library/OpenSC/lib/pkcs11/opensc-pkcs11.so
/usr/lib/opensc-pkcs11.so

I got Viscosity's GUI to work in Yosemite by replacing `/Library/Application Support/Viscosity/openvpn` with my version of openvpn. It wasn't enough to just update pkcs11-helper. From lldb it looks like my version is being used, but I'm dubious of this. `otool -L` shows differences between my version and Viscosity's, the file size is also quite different, which makes me suspect that Viscosity's is using at least some static libraries, possibly pkcs11-helper, which could explain why it didn't work until I replaced the OpenVPN binary. I would like to go back over this to be more definitive.

Also initially I had been replacing the wrong openvpn, I had been replacing the one in `/Applications/Viscosity.app/Contents/MacOS/openvpn`, so make sure you are replacing the `/Library/Application Support/Viscosity/openvpn` one, and as James said make sure the permissions are the same. When he said Viscosity will replace it, I presume it will take the one from /Application.

Hopefully this helps you to get the GUI working as well. If it's still not working it must be something else, besides using brew I think we have near identical setups. Check `console` to see if there are any crashes, and check the openvpn log etc.

If you are interested this is the file size and otool -L differences I see on Mavericks with Viscosity 1.5.2 (1242) versus mine built as described above.
Code:
MD5 (/Applications/Viscosity.app/Contents/MacOS/openvpn) = ad53ad89743efdd246e2b2ef5f99a75e

-rwxr-xr-x  1 a  staff  2723600 16 Oct 17:19 /Applications/Viscosity.app/Contents/MacOS/openvpn
-rwxr-xr-x  1 a  staff   777112  2 Dec 23:26 ~/Documents/co/git/openvpn/src/openvpn/openvpn

/Applications/Viscosity.app/Contents/MacOS/openvpn:
	/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)

~/Documents/co/git/openvpn/src/openvpn/openvpn:
	/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/local/lib/liblzo2.2.dylib (compatibility version 3.0.0, current version 3.0.0)
	/usr/local/lib/libpkcs11-helper.1.dylib (compatibility version 2.0.0, current version 2.0.0)
	/usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
	/usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
	/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)

@James Do you expect Viscosity's bundled openvpn to pick up the libpkcs11-helper shared library or does it use a statically linked one?

I've found a build that works but I haven't definitively narrowed down the smallest amount of changes from Viscosity's bundle to make it work, it seems to be more than just pkcs11-helper with threading (and slotevent) disabled although that appears to be key.

Also as mentioned in the OpenSC ticket 333 I get a similar issue on Mavericks, except it hangs on the fork to exec ifconfig rather than crashing as in Yosemite.

Post by James » Wed Dec 03, 2014 10:19 am
Hi All,

We've just pushed out an updated beta with the same compile-time changes to pkcs11-helper, you may like to give it a try and see if it resolves the issue. We're waiting on feedback from some enterprise users who are using Viscosity with commercial PKCS#11 driver/provider software to see whether the changes cause any compatibility regressions. If the feedback looks good we'll include it in the next stable update, otherwise we'll leave it in the beta builds for the time being.

1. Open Viscosity's Preferences window and click on the General toolbar icon
2. Tick the "Include beta versions" checkbox
3. Click the Check Now button to see if a beta update is available

berne wrote:
@James Do you expect Viscosity's bundled openvpn to pick up the libpkcs11-helper shared library or does it use a statically linked one?
Viscosity's copy of OpenVPN uses a static version of the pkcs11-helper (1.11). It won't attempt to link to a dynamic lib if present.

Cheers,
James

Post by crashdump » Wed Dec 03, 2014 10:37 am
Thank you very much James,
Code:
(...)
Dec 02 23:33:27: Initialization Sequence Completed
Dec 02 23:33:27: MANAGEMENT: >STATE:1417563207,CONNECTED,SUCCESS,10.244.0.30,5.5.5.5


It's working perfectly here!