Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to contact daemon Service not running?

    Scheduled Pinned Locked Moved OpenVPN
    11 Posts 9 Posters 45.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      rdelaplante
      last edited by

      Today I upgraded to pfSense 2.1-RELEASE and noticed that my OpenVPN client no longer worked. It said "Service not running?" and "Unable to contact daemon."  I tried starting the service from the web GUI but it would not start.  Meanwhile, my OpenVPN server worked fine.

      I noticed that in the Advanced Configuration panel of my OpenVPN client there was this line:

      auth-user-pass /var/etc/openvpn/client1.userpass;

      So, I enabled the SSH daemon and logged in as admin to see if that file existed.  It didn't!  I can see that the pfSense upgrade migrated all of my client1.* and server2.* files but it lost the client1.userpass file.  I probably created this file by hand a long time ago.  So, I re-created the two line file.  The first line is the username and the second line is the password. I gave it 600 permissions like the rest of the files. It is owned by root:wheel.

      After doing this I was able to start the OpenVPN client service in the web GUI and it worked.  I can now access the VPN.

      1 Reply Last reply Reply Quote 0
      • F Offline
        ftass
        last edited by

        Did some debugging, haven't really had any impact since the vpn connection has worked even though the gui states not running.

        It is apparantly the management socket for openvpn (client 5 for me) that refuses connections.

        [2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(24): cat client5.sock
        cat: client5.sock: Connection refused
        [2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(25): cat client6.sock

        INFO:OpenVPN Management Interface Version 1 – type 'help' for more info

        I tried stopping openvpn using the gui but since it seems to be using the management socket for shutting down the client as well this wasn't working. I killed the client manually over ssh and after restarting it everything worked as intended.

        Seems like openvpn sometimes failes to create the management socket?

        I think the gui should report failure to shut down the openvpn client if the management socket isn't reachable.

        1 Reply Last reply Reply Quote 0
        • ? This user is from outside of this forum
          Guest
          last edited by

          Hi again and Happy New Year!

          Just to follow a suggestion I did a fresh full-install of pfsense 2.1.5 i386 on a notebook with SSD and copied my config file to this installation. After adjusting the interfaces, installing packages and moving /var and /tmp to RAM disks, I recognized that the GUI presents the error mentioned above. Usually the problem resolved in the past after rebooting, but this time the problem survived…

          Although the issues is only annoying rather than problematic in any way (except for not letting me know when the tunnels are really down...), it would be nice if there was a persistent fix to this...

          Kind regards

          chemlud

          PS:

          Log after successful establishing tunnels after reboot:

          Jan 2 13:09:46 openvpn[70901]: Initialization Sequence Completed
          Jan 2 13:09:46 openvpn[70901]: Peer Connection Initiated with [AF_INET]ip:port
          Jan 2 13:09:44 openvpn[37187]: Exiting due to fatal error
          Jan 2 13:09:44 openvpn[37187]: Cannot open TUN/TAP dev /dev/tun2: Device busy (errno=16)
          Jan 2 13:09:44 openvpn[37187]: TUN/TAP device ovpnc2 exists previously, keep at program end
          Jan 2 13:09:44 openvpn[36176]: Exiting due to fatal error
          Jan 2 13:09:44 openvpn[36176]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
          Jan 2 13:09:44 openvpn[36176]: TUN/TAP device ovpnc1 exists previously, keep at program end
          Jan 2 13:09:41 openvpn[71703]: Initialization Sequence Completed

          1 Reply Last reply Reply Quote 0
          • B Offline
            bnaglic
            last edited by

            @ftass:

            Did some debugging, haven't really had any impact since the vpn connection has worked even though the gui states not running.

            It is apparantly the management socket for openvpn (client 5 for me) that refuses connections.

            [2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(24): cat client5.sock
            cat: client5.sock: Connection refused
            [2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(25): cat client6.sock

            INFO:OpenVPN Management Interface Version 1 – type 'help' for more info

            I tried stopping openvpn using the gui but since it seems to be using the management socket for shutting down the client as well this wasn't working. I killed the client manually over ssh and after restarting it everything worked as intended.

            Seems like openvpn sometimes failes to create the management socket?

            I think the gui should report failure to shut down the openvpn client if the management socket isn't reachable.

            Do you have command for killing client manually over ssh?
            I have same problem as you, opevpn client not running and refused to cat socket?
            thx

            1 Reply Last reply Reply Quote 0
            • H Offline
              heper
              last edited by

              @bnaglic:

              Do you have command for killing client manually over ssh?
              I have same problem as you, opevpn client not running and refused to cat socket?
              thx

              you need to find the process id or PID.

              you can do this by doing:

              
              [2.2.1-RELEASE][root@pfsense]/root: ps aux | grep openvpn
              root    20056   0.0  1.8 12732  4004  -  Ss   Tue10PM    1:42.80 /usr/local/sbin/openvpn --config /
              root    31962   0.0  0.9 10396  1964  0  S+    4:55PM    0:00.00 grep openvpn
              [2.2.1-RELEASE][root@pfsense.vbees.lan]/root: kill -9 20056
              
              

              so basically you find out the pid by: ps aux | grep openvpn  (its the first number after the command, in my case 20056)
              then you kill the process by: kill -9 20056

              1 Reply Last reply Reply Quote 0
              • 2 Offline
                2chemlud Banned
                last edited by

                Funny! When entered in the Diagnostics: Execute command

                $ ps aux | grep openvpn
                root    94050  0.0  0.1  10396  2036  -  S    5:18PM    0:00.00 grep openvpn

                …although 2 tunnels up and running.

                1 Reply Last reply Reply Quote 0
                • H Offline
                  heper
                  last edited by

                  odd.png
                  odd.png_thumb

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    macralf
                    last edited by

                    The reason it doesn't work in the GUI is it doesn't see "openvpn" with the grep because the buffer isn't holding enough characters.  If you run the command on the physical console, you'll get the same results.  In SSH you can see more characters horizontally, so the grep can see the "openvpn".

                    If you run the command without the u, you can see it in the web console.  ps ax | grep vpn

                    1 Reply Last reply Reply Quote 0
                    • P Offline
                      phil.davis
                      last edited by

                      You cam also do:

                      ps auxww | grep openvpn
                      

                      The "ww" makes the output "wide-wide" - it passes everything to the grep, so you see all matches properly.

                      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                      1 Reply Last reply Reply Quote 0
                      • L Offline
                        limona21
                        last edited by

                        @ftass:

                        Did some debugging, haven't really had any impact since the vpn connection has worked even though the gui states not running.

                        It is apparantly the management socket for openvpn (client 5 for me) that refuses connections.

                        [2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(24): cat client5.sock
                        cat: client5.sock: Connection refused
                        [2.1.2-RELEASE][root@pfsense-1.basement2.int]/var/etc/openvpn(25): cat client6.sock

                        INFO:OpenVPN Management Interface Version 1 – type 'help' for more info

                        I tried stopping openvpn using the gui but since it seems to be using the management socket for shutting down the client as well this wasn't working. I killed the client manually over ssh and after restarting it everything worked as intended.

                        Seems like openvpn sometimes failes to create the management socket?

                        I think the gui should report failure to shut down the openvpn client if the management socket isn't reachable.

                        Could you elaborate on how you killed the client manually over ssh. I am trying to kill the process as other guys are suggesting using ps aux | grep openvpn and then killing it with kill -9 PIDnumber but it always comes back with "No such process".

                        Thanks for the help

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.