Unable to contact daemon Service not running?
-
Today I upgraded to pfSense 2.1-RELEASE and noticed that my OpenVPN client no longer worked. It said "Service not running?" and "Unable to contact daemon." I tried starting the service from the web GUI but it would not start. Meanwhile, my OpenVPN server worked fine.
I noticed that in the Advanced Configuration panel of my OpenVPN client there was this line:
auth-user-pass /var/etc/openvpn/client1.userpass;
So, I enabled the SSH daemon and logged in as admin to see if that file existed. It didn't! I can see that the pfSense upgrade migrated all of my client1.* and server2.* files but it lost the client1.userpass file. I probably created this file by hand a long time ago. So, I re-created the two line file. The first line is the username and the second line is the password. I gave it 600 permissions like the rest of the files. It is owned by root:wheel.
After doing this I was able to start the OpenVPN client service in the web GUI and it worked. I can now access the VPN.
-
Did some debugging, haven't really had any impact since the vpn connection has worked even though the gui states not running.
It is apparantly the management socket for openvpn (client 5 for me) that refuses connections.
[2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(24): cat client5.sock
cat: client5.sock: Connection refused
[2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(25): cat client6.sockINFO:OpenVPN Management Interface Version 1 – type 'help' for more info
I tried stopping openvpn using the gui but since it seems to be using the management socket for shutting down the client as well this wasn't working. I killed the client manually over ssh and after restarting it everything worked as intended.
Seems like openvpn sometimes failes to create the management socket?
I think the gui should report failure to shut down the openvpn client if the management socket isn't reachable.
-
Hi again and Happy New Year!
Just to follow a suggestion I did a fresh full-install of pfsense 2.1.5 i386 on a notebook with SSD and copied my config file to this installation. After adjusting the interfaces, installing packages and moving /var and /tmp to RAM disks, I recognized that the GUI presents the error mentioned above. Usually the problem resolved in the past after rebooting, but this time the problem survived…
Although the issues is only annoying rather than problematic in any way (except for not letting me know when the tunnels are really down...), it would be nice if there was a persistent fix to this...
Kind regards
chemlud
PS:
Log after successful establishing tunnels after reboot:
Jan 2 13:09:46 openvpn[70901]: Initialization Sequence Completed
Jan 2 13:09:46 openvpn[70901]: Peer Connection Initiated with [AF_INET]ip:port
Jan 2 13:09:44 openvpn[37187]: Exiting due to fatal error
Jan 2 13:09:44 openvpn[37187]: Cannot open TUN/TAP dev /dev/tun2: Device busy (errno=16)
Jan 2 13:09:44 openvpn[37187]: TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 2 13:09:44 openvpn[36176]: Exiting due to fatal error
Jan 2 13:09:44 openvpn[36176]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Jan 2 13:09:44 openvpn[36176]: TUN/TAP device ovpnc1 exists previously, keep at program end
Jan 2 13:09:41 openvpn[71703]: Initialization Sequence Completed -
Did some debugging, haven't really had any impact since the vpn connection has worked even though the gui states not running.
It is apparantly the management socket for openvpn (client 5 for me) that refuses connections.
[2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(24): cat client5.sock
cat: client5.sock: Connection refused
[2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(25): cat client6.sockINFO:OpenVPN Management Interface Version 1 – type 'help' for more info
I tried stopping openvpn using the gui but since it seems to be using the management socket for shutting down the client as well this wasn't working. I killed the client manually over ssh and after restarting it everything worked as intended.
Seems like openvpn sometimes failes to create the management socket?
I think the gui should report failure to shut down the openvpn client if the management socket isn't reachable.
Do you have command for killing client manually over ssh?
I have same problem as you, opevpn client not running and refused to cat socket?
thx -
Do you have command for killing client manually over ssh?
I have same problem as you, opevpn client not running and refused to cat socket?
thxyou need to find the process id or PID.
you can do this by doing:
[2.2.1-RELEASE][root@pfsense]/root: ps aux | grep openvpn root 20056 0.0 1.8 12732 4004 - Ss Tue10PM 1:42.80 /usr/local/sbin/openvpn --config / root 31962 0.0 0.9 10396 1964 0 S+ 4:55PM 0:00.00 grep openvpn [2.2.1-RELEASE][root@pfsense.vbees.lan]/root: kill -9 20056so basically you find out the pid by: ps aux | grep openvpn (its the first number after the command, in my case 20056)
then you kill the process by: kill -9 20056 -
Funny! When entered in the Diagnostics: Execute command
$ ps aux | grep openvpn
root 94050 0.0 0.1 10396 2036 - S 5:18PM 0:00.00 grep openvpn…although 2 tunnels up and running.
-
-
The reason it doesn't work in the GUI is it doesn't see "openvpn" with the grep because the buffer isn't holding enough characters. If you run the command on the physical console, you'll get the same results. In SSH you can see more characters horizontally, so the grep can see the "openvpn".
If you run the command without the u, you can see it in the web console. ps ax | grep vpn
-
You cam also do:
ps auxww | grep openvpnThe "ww" makes the output "wide-wide" - it passes everything to the grep, so you see all matches properly.
-
Did some debugging, haven't really had any impact since the vpn connection has worked even though the gui states not running.
It is apparantly the management socket for openvpn (client 5 for me) that refuses connections.
[2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(24): cat client5.sock
cat: client5.sock: Connection refused
[2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(25): cat client6.sockINFO:OpenVPN Management Interface Version 1 – type 'help' for more info
I tried stopping openvpn using the gui but since it seems to be using the management socket for shutting down the client as well this wasn't working. I killed the client manually over ssh and after restarting it everything worked as intended.
Seems like openvpn sometimes failes to create the management socket?
I think the gui should report failure to shut down the openvpn client if the management socket isn't reachable.
Could you elaborate on how you killed the client manually over ssh. I am trying to kill the process as other guys are suggesting using ps aux | grep openvpn and then killing it with kill -9 PIDnumber but it always comes back with "No such process".
Thanks for the help