Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Exiting due to fatal error

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 4 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bgibson
      last edited by

      Morning,
      I've noticed this has been happening more and more lately. For instance, this morning, we had a secondary ISP go offline then back online. Once back online, the vpn shows in the off state. When trying to restart, it states its exiting due to fatal error. When I run the command from ssh, it states the address is already in use. No where on this box shows the current tunnel ip in use. If I change the tunnel IP and restart the vpn, it comes right up. I'm having to reboot the pfsense router to resolve this. we are currently running version 2.3.3.

      Is this a bug with pfsense? I can provide logs if needed, but I can not find where this address shows already in use.

      1 Reply Last reply Reply Quote 0
      • B
        bgibson
        last edited by

        Based on what I've seen online, this isn't the first time this has happened. Is there any way to fix my vpns without rebooting our router?

        1 Reply Last reply Reply Quote 0
        • M
          mrpsycho
          last edited by

          look like i have the same problem on 2.4.3.

          
May 8 13:41:05	openvpn	73585	WARNING: using --pull/--client and --ifconfig together is probably not what you want
May 8 13:41:05	openvpn	73585	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 8 13:41:05	openvpn	73585	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 8 13:41:05	openvpn	73585	TCP/UDP: Preserving recently used remote address: [AF_INET]185.34.52.16:443
May 8 13:41:05	openvpn	73585	Attempting to establish TCP connection with [AF_INET]185.34.52.16:443 [nonblock]
May 8 13:41:06	openvpn	73585	TCP connection established with [AF_INET]185.34.52.16:443
May 8 13:41:06	openvpn	73585	TCPv4_CLIENT link local (bound): [AF_INET]82.140.19.25:0
May 8 13:41:06	openvpn	73585	TCPv4_CLIENT link remote: [AF_INET]185.34.52.16:443
May 8 13:41:06	openvpn	73585	[server] Peer Connection Initiated with [AF_INET]185.34.52.16:443
May 8 13:41:08	openvpn	73585	TUN/TAP device ovpnc3 exists previously, keep at program end
May 8 13:41:08	openvpn	73585	TUN/TAP device /dev/tun3 opened
May 8 13:41:08	openvpn	73585	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
May 8 13:41:08	openvpn	73585	/sbin/ifconfig ovpnc3 10.8.0.2 10.8.0.1 mtu 1500 netmask 255.255.255.0 up
May 8 13:41:08	openvpn	73585	FreeBSD ifconfig failed: external program exited with error status: 1
May 8 13:41:08	openvpn	73585	Exiting due to fatal error

          and after reboot VPN starts and all is working as it should.

          why?

          1 Reply Last reply Reply Quote 0
          • M
            mrpsycho
            last edited by

            more detailed logs:

            Mon May 14 13:37:05 2018 us=232901 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon May 14 13:37:05 2018 us=232947 TUN/TAP device ovpnc3 exists previously, keep at program end
Mon May 14 13:37:05 2018 us=232987 TUN/TAP device /dev/tun3 opened
Mon May 14 13:37:05 2018 us=233001 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon May 14 13:37:05 2018 us=233022 /sbin/ifconfig ovpnc3 10.8.0.2 10.8.0.1 mtu 1500 netmask 255.255.255.0 up
ifconfig: ioctl (SIOCAIFADDR): File exists
Mon May 14 13:37:05 2018 us=237265 FreeBSD ifconfig failed: external program exited with error status: 1
Mon May 14 13:37:05 2018 us=237288 Exiting due to fatal error
            1 Reply Last reply Reply Quote 0
            • M
              mrpsycho
              last edited by

              ok.

              i figured it out.

              there is a bug: pfsense doesn't support 2 or more OpenVPN client configurations with TUN device.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                @mrpsycho:

                ok.

                i figured it out.

                there is a bug: pfsense doesn't support 2 or more OpenVPN client configurations with TUN device.

                Completely untrue.

                You must, however, use different tunnel networks for each tunnel.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • ?
                  A Former User
                  last edited by A Former User

                  @mrpsycho said in OpenVPN Exiting due to fatal error:

                  10.8.0.2

                  What derelict failed to clarify is that you are attempting to assign the same IP address to two different interfaces.

                  This occurs when you are trying to make duplicate VPN connections that assign the same IP address to a TUN interface that has already been used by another connection's TUN interface.

                  Look at your OpenVPN logs and the address that are being assigned by your VPN provider via the PUSH= entries. If you see that each separate VPN connection is trying to use the same local IP address to assign the its local TUN interface for each connection, this will not work when using multiple VPN connections. Each connection needs to assign an unique IP address to it's local TUN interface or you will have a conflict as indicated by the "ifconfig: ioctl (SIOCAIFADDR): File exists" error.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.