OpenVPN systemd CapabilityBoundingSet breaking notifications with exim4

At work we employ a openvpn server when working remotely and wanting to access firewall restricted locations. At some point a colleague of mine started facing disconnects to the server. We tracked down the issue being the feature of protecting against SWEET32 attacks, introduced in openvpn client version 2.4. We thus decided to upgrade our openvpn server too and bring version 2.4 from jessie-backports. When a client successfully connects to the VPN server a script is executed and sends email notifications to the LDAP user’s email about the VPN session details, such as the remote IP address used: [Read More]

Why kernel is dropping frames?

Kernel is dropping packets At work, when we did setup prometheus alerting we started getting nofitications like this: description = is dropping frames at a rate of 0.10340541666666667 frames per sec To output this alert, prometheus-node-exporter reads /proc/net/softnet_stat filepath, which contains a line for every CPU. The 2nd column of each line counts dropped frames in hexadecimal. A nicer output can be provided if we query prometheus directly from within the host: [Read More]