Netgate Discussion Forum

    Can't start OpenVPN clients after upgrade to 23.01

    3 Posts 1 Posters 807 Views
    • KpuCko

      Hi there,
      I read the change logs and watched some videos about 23.01 and its well-known bugs, but it seems that mine is different.

      The OpenVPN clients are unable to start. I raised the verbosity of one of them just to gather some useful info, but the only thing mentioned in the logs is:

      Feb 22 12:05:28 	openvpn 	45009 	Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12) 
      

      I'm quite sure that the correct certificate is selected; I have checked the certificate page and they are all in place. I have checked this and this but it doesn't help at all. After the reboot the issue still persists.

      DCO is disabled, if this matters. Here is some more technical info about the config in use:

      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: openvpn --config /var/etc/openvpn/client2/config.ovpn --verb 3
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: echo $?
      1
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: openvpn --config /var/etc/openvpn/client2/config.ovpn --verb 8
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: echo $?
      1
      
      dev ovpnc2
      disable-dco
      verb 1
      dev-type tun
      dev-node /dev/tun2
      writepid /var/run/openvpn_client2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 1800
      ping-timer-rem
      persist-tun
      persist-key
      proto tcp4-client
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 11.111.111.11
      engine devcrypto
      tls-client
      lport 0
      management /var/etc/openvpn/client2/sock unix
      remote REMOTE_HIDEN 1194 tcp4-client
      ifconfig 172.16.25.2 172.16.25.1
      auth-user-pass /var/etc/openvpn/client2/up
      auth-retry nointeract
      remote-cert-tls server
      capath /var/etc/openvpn/client2/ca
      data-ciphers AES-128-GCM:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression asym
      resolv-retry infinite
      topology subnet
      reneg-sec 43200
      
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: ls -la /dev/tun2
      crw-------  1 uucp  dialer  0x77 Feb 22 11:27 /dev/tun2
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: ls -la /var/etc/openvpn/client2/ca
      total 14
      drwxr-xr-x  2 root  wheel     3 Feb 22 11:30 .
      drwxr-xr-x  4 root  wheel     8 Feb 22 11:27 ..
      -rw-r--r--  1 root  wheel  1346 Feb 22 11:30 8ad07523.0
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: ls -la /var/etc/openvpn/client2/config.ovpn
      -rw-------  1 root  wheel  749 Feb 22 11:30 /var/etc/openvpn/client2/config.ovpn
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: openvpn --mktun --dev tun2
      2023-02-22 11:58:08 Note: --mktun does not support DCO. Creating TUN interface.
      2023-02-22 11:58:08 Options error: options --mktun and --rmtun are not available on your operating system.  Please check 'man tun' (or 'tap'), whether your system supports using 'ifconfig tun2 create' / 'destroy' to create/remove persistent tunnel interfaces.
      2023-02-22 11:58:08 Exiting due to fatal error
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root: kldxref /boot/kernel
      [23.01-RELEASE][admin@sofn1010fw301.home.lan]/root:
      

      Any advice is welcome.
      Thanks.

      • KpuCko

        Now after the CA and OpenVPN client re-creation I got:

        Feb 22 18:44:57 	php-fpm 	846 	/vpn_openvpn_client.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/client2/config.ovpn'' returned exit code '1', the output was '' 
        

        This does not help at all.
        Still wondering how to increase the verbosity level.

        • KpuCko

          Ok. I've managed to fix it.
          I used the OpenVPN import functionality; it imported the tunnel and it works as expected. Quite strange for me, but I compared the backups and it seems that the OpenVPN interface refuses to start when you put in remote networks. Leaving the field empty allows the OpenVPN client to pull these settings from the server, and it correctly sets the needed IP address of the tunnel.

          All good. End of story.

          I still can't explain to myself why the OpenVPN daemon returned exit status 1 and quit without any warnings/errors when I tested it in the console.

          1 Reply Last reply Reply Quote 0
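
A pre-flight check for the kind of client config posted in this thread, as an added example that is not part of the original posts and is not OpenVPN's or pfSense's own code. It assumes, from the editor's reading of OpenVPN's behaviour, that a TLS client without `pull`/`client` must supply `--cert`/`--key` (or `--pkcs12`) even when `--auth-user-pass` is set, and, per the OpenVPN manual, that `daemon` sends message and error output to syslog; the function names and finding codes are hypothetical.

```python
# Added example: simplified mirror of OpenVPN's client-auth option check.
# Assumption: the rules follow the editor's reading of OpenVPN, not its source.

POSTED = """\
tls-client
daemon
#user nobody
auth-user-pass /var/etc/openvpn/client2/up
capath /var/etc/openvpn/client2/ca
ifconfig 172.16.25.2 172.16.25.1
"""  # excerpt of the config posted in the thread


def parse_directives(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts[name.lstrip("-")] = args
    return opts


def preflight(text):
    """Return (code, message) findings that stop or obscure a client start."""
    opts = parse_directives(text)
    findings = []
    tls_client = "tls-client" in opts or "client" in opts
    pulls = "pull" in opts or "client" in opts  # 'client' = pull + tls-client
    has_cert, has_key = "cert" in opts, "key" in opts
    external = "pkcs12" in opts or "management-external-cert" in opts
    if tls_client and not external:
        if pulls:
            if not has_cert and not has_key and "auth-user-pass" not in opts:
                findings.append(("no-client-auth", "no --cert/--key, --pkcs12 or --auth-user-pass"))
            elif has_cert != has_key:
                findings.append(("cert-key-pair", "--cert and --key must be used together"))
        else:  # no pull: auth-user-pass alone is not accepted
            if not has_cert:
                findings.append(("cert-required", "define --cert or --pkcs12, or add 'pull'/'client'"))
            if not has_key:
                findings.append(("key-required", "define --key or --pkcs12, or add 'pull'/'client'"))
    if "daemon" in opts:
        findings.append(("daemon-syslog", "errors go to syslog, not the terminal"))
    return findings


if __name__ == "__main__":
    for code, message in preflight(POSTED):
        print(f"{code}: {message}")
```

On the posted excerpt this reports the missing certificate and key and notes the `daemon` directive; prefixing the same excerpt with `client` leaves only the syslog note.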
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.