OpenVPN Exiting due to fatal error
-
Morning,
I've noticed this has been happening more and more lately. For instance, this morning, we had a secondary ISP go offline then back online. Once back online, the VPN shows in the off state. When trying to restart, it states it's exiting due to fatal error. When I run the command from ssh, it states the address is already in use. Nowhere on this box shows the current tunnel IP in use. If I change the tunnel IP and restart the VPN, it comes right up. I'm having to reboot the pfSense router to resolve this. We are currently running version 2.3.3. Is this a bug with pfSense? I can provide logs if needed, but I cannot find where this address shows already in use.
-
Based on what I've seen online, this isn't the first time this has happened. Is there any way to fix my VPNs without rebooting our router?
-
Looks like I have the same problem on 2.4.3.
May 8 13:41:05 openvpn 73585 WARNING: using --pull/--client and --ifconfig together is probably not what you want
May 8 13:41:05 openvpn 73585 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 8 13:41:05 openvpn 73585 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 8 13:41:05 openvpn 73585 TCP/UDP: Preserving recently used remote address: [AF_INET]185.34.52.16:443
May 8 13:41:05 openvpn 73585 Attempting to establish TCP connection with [AF_INET]185.34.52.16:443 [nonblock]
May 8 13:41:06 openvpn 73585 TCP connection established with [AF_INET]185.34.52.16:443
May 8 13:41:06 openvpn 73585 TCPv4_CLIENT link local (bound): [AF_INET]82.140.19.25:0
May 8 13:41:06 openvpn 73585 TCPv4_CLIENT link remote: [AF_INET]185.34.52.16:443
May 8 13:41:06 openvpn 73585 [server] Peer Connection Initiated with [AF_INET]185.34.52.16:443
May 8 13:41:08 openvpn 73585 TUN/TAP device ovpnc3 exists previously, keep at program end
May 8 13:41:08 openvpn 73585 TUN/TAP device /dev/tun3 opened
May 8 13:41:08 openvpn 73585 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
May 8 13:41:08 openvpn 73585 /sbin/ifconfig ovpnc3 10.8.0.2 10.8.0.1 mtu 1500 netmask 255.255.255.0 up
May 8 13:41:08 openvpn 73585 FreeBSD ifconfig failed: external program exited with error status: 1
May 8 13:41:08 openvpn 73585 Exiting due to fatal error
And after a reboot the VPN starts and all is working as it should.
Why?
-
More detailed logs:
Mon May 14 13:37:05 2018 us=232901 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon May 14 13:37:05 2018 us=232947 TUN/TAP device ovpnc3 exists previously, keep at program end
Mon May 14 13:37:05 2018 us=232987 TUN/TAP device /dev/tun3 opened
Mon May 14 13:37:05 2018 us=233001 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon May 14 13:37:05 2018 us=233022 /sbin/ifconfig ovpnc3 10.8.0.2 10.8.0.1 mtu 1500 netmask 255.255.255.0 up
ifconfig: ioctl (SIOCAIFADDR): File exists
Mon May 14 13:37:05 2018 us=237265 FreeBSD ifconfig failed: external program exited with error status: 1
Mon May 14 13:37:05 2018 us=237288 Exiting due to fatal error
-
OK.
I figured it out.
There is a bug: pfSense doesn't support 2 or more OpenVPN client configurations with TUN device.
-
OK.
I figured it out.
There is a bug: pfSense doesn't support 2 or more OpenVPN client configurations with TUN device.
Completely untrue.
You must, however, use different tunnel networks for each tunnel.
-
@mrpsycho said in OpenVPN Exiting due to fatal error:
10.8.0.2
What derelict failed to clarify is that you are attempting to assign the same IP address to two different interfaces.
This occurs when you are trying to make duplicate VPN connections that assign the same IP address to a TUN interface that has already been used by another connection's TUN interface.
Look at your OpenVPN logs and the addresses that are being assigned by your VPN provider via the PUSH= entries. If you see that each separate VPN connection is trying to use the same local IP address to assign to its local TUN interface for each connection, this will not work when using multiple VPN connections. Each connection needs to assign a unique IP address to its local TUN interface or you will have a conflict as indicated by the "ifconfig: ioctl (SIOCAIFADDR): File exists" error.
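
The check described in the post above, as an added example that is not part of the original thread: it scans OpenVPN log text for the `/sbin/ifconfig` lines shown earlier and reports any local tunnel address requested by more than one TUN device, plus the devices whose ifconfig failed. The function name `analyze` and the ovpnc2/ovpnc4 sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PID = r"(?:openvpn\s+(?P<pid>\d+)\s+)?"  # syslog prefix; absent in verbose logs
# The command OpenVPN logs before configuring the tunnel interface on FreeBSD.
IFCONFIG_RE = re.compile(
    PID + r"/sbin/ifconfig\s+(?P<dev>\S+)\s+(?P<local>" + IP + r")\s+" + IP)
FAILED_RE = re.compile(PID + r"FreeBSD ifconfig failed")

# Constructed sample: the ovpnc3 lines follow the log in the thread; the
# ovpnc2 and ovpnc4 lines (and their PIDs) are invented for illustration.
SAMPLE_LOG = """\
May 8 13:40:58 openvpn 61220 /sbin/ifconfig ovpnc2 10.8.0.2 10.8.0.1 mtu 1500 netmask 255.255.255.0 up
May 8 13:40:58 openvpn 61220 Initialization Sequence Completed
May 8 13:41:08 openvpn 73585 /sbin/ifconfig ovpnc3 10.8.0.2 10.8.0.1 mtu 1500 netmask 255.255.255.0 up
May 8 13:41:08 openvpn 73585 FreeBSD ifconfig failed: external program exited with error status: 1
May 8 13:41:08 openvpn 73585 Exiting due to fatal error
May 8 13:41:10 openvpn 80112 /sbin/ifconfig ovpnc4 10.9.0.2 10.9.0.1 mtu 1500 netmask 255.255.255.0 up
"""


def analyze(log_text):
    """Return ({local_ip: [devices]}, [failed devices]) from OpenVPN log text."""
    devices_by_ip = defaultdict(set)  # local tunnel IP -> devices requesting it
    last_dev = {}                     # pid (None if not logged) -> last device
    failed = set()
    for line in log_text.splitlines():
        m = IFCONFIG_RE.search(line)
        if m:
            devices_by_ip[m["local"]].add(m["dev"])
            last_dev[m["pid"]] = m["dev"]
            continue
        f = FAILED_RE.search(line)
        # Attribute the failure to the device this process last tried to set up.
        if f and f["pid"] in last_dev:
            failed.add(last_dev[f["pid"]])
    conflicts = {ip: sorted(d) for ip, d in devices_by_ip.items() if len(d) > 1}
    return conflicts, sorted(failed)


if __name__ == "__main__":
    conflicts, failed = analyze(SAMPLE_LOG)
    for ip, devs in conflicts.items():
        print(f"{ip} requested by {', '.join(devs)}")
    print("ifconfig failed on:", ", ".join(failed) or "none")
```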