Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Unable to contact Deamon, Service not running

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Ali.ghabsha
      last edited by

      Dear Netgate Experts,

      i have installed PFSense Version 2.4.5, then i created OpenVPN Server after im done with the configuration i found the following error.

      {error} Unable to contact Deamon
      0 Service not running

      i checked the System Logs and found the following

      Jan 22 00:30:37 openvpn 70012 Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/server1.conf:45: 10.49.1.0 (2.4.9)

      Jan 22 00:30:37 openvpn 70012 Use --help for more information.

      i appreciate any support to solve the problem.
      Thank you so much in advance.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Ali.ghabsha
        last edited by

        @ali-ghabsha said in OpenVPN Unable to contact Deamon, Service not running:

        solve the problem

        Can you show it ( /var/etc/openvpn/server1.conf ) first ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        A 1 Reply Last reply Reply Quote 0
        • A
          Ali.ghabsha @Gertjan
          last edited by

          @gertjan excuse me might you guide me how to do that, i don't really have experience with the command line in PFSense.

          Thank you

          1 Reply Last reply Reply Quote 0
          • A
            Ali.ghabsha
            last edited by Ali.ghabsha

            i have disabled the openvpn server that i have perviously created then i created a new one using the Wizard which it has also created the appropriate firewall rlues, after that i deleted the old server that i disabled with the associated rules in the firewall, and i got the following in the system logs of the openvpn

            Jan 23 02:18:26 openvpn 6363 TUN/TAP device ovpns2 exists previously, keep at program end
            Jan 23 02:18:26 openvpn 6363 TUN/TAP device /dev/tun2 opened
            Jan 23 02:18:26 openvpn 6363 /sbin/ifconfig ovpns2 172.16.1.1 172.16.1.2 mtu 1500 netmask 255.255.255.0 up
            Jan 23 02:18:26 openvpn 6363 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 172.16.1.1 255.255.255.0 init
            Jan 23 02:18:26 openvpn 6363 UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
            Jan 23 02:18:26 openvpn 6363 UDPv4 link remote: [AF_UNSPEC]
            Jan 23 02:18:26 openvpn 6363 Initialization Sequence Completed
            Jan 23 02:19:53 openvpn 23852 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
            Jan 23 02:19:53 openvpn 23852 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
            Jan 23 02:19:53 openvpn 23961 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
            Jan 23 02:19:53 openvpn 23961 GDG: problem writing to routing socket
            Jan 23 02:19:53 openvpn 23961 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
            Jan 23 02:19:53 openvpn 23961 TUN/TAP device ovpns2 exists previously, keep at program end
            Jan 23 02:19:53 openvpn 23961 TUN/TAP device /dev/tun2 opened
            Jan 23 02:19:53 openvpn 23961 ioctl(TUNSIFMODE): Device busy (errno=16)
            Jan 23 02:19:53 openvpn 23961 /sbin/ifconfig ovpns2 172.16.1.1 172.16.1.2 mtu 1500 netmask 255.255.255.0 up
            Jan 23 02:19:53 openvpn 23961 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 172.16.1.1 255.255.255.0 init
            Jan 23 02:19:54 openvpn 23961 UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
            Jan 23 02:19:54 openvpn 23961 UDPv4 link remote: [AF_UNSPEC]
            Jan 23 02:19:54 openvpn 23961 Initialization Sequence Completed
            Jan 23 02:28:10 openvpn 23961 event_wait : Interrupted system call (code=4)
            Jan 23 02:28:10 openvpn 23961 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 172.16.1.1 255.255.255.0 init
            Jan 23 02:28:10 openvpn 23961 SIGTERM[hard,] received, process exiting
            Jan 23 02:28:10 openvpn 34420 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
            Jan 23 02:28:10 openvpn 34420 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
            Jan 23 02:28:10 openvpn 34755 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
            Jan 23 02:28:10 openvpn 34755 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
            Jan 23 02:28:10 openvpn 34755 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
            Jan 23 02:28:10 openvpn 34755 TUN/TAP device ovpns2 exists previously, keep at program end
            Jan 23 02:28:10 openvpn 34755 TUN/TAP device /dev/tun2 opened
            Jan 23 02:28:10 openvpn 34755 /sbin/ifconfig ovpns2 172.16.1.1 172.16.1.2 mtu 1500 netmask 255.255.255.0 up
            Jan 23 02:28:10 openvpn 34755 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 172.16.1.1 255.255.255.0 init
            Jan 23 02:28:10 openvpn 34755 UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
            Jan 23 02:28:10 openvpn 34755 UDPv4 link remote: [AF_UNSPEC]
            Jan 23 02:28:10 openvpn 34755 Initialization Sequence Completed
            Jan 23 02:32:13 openvpn 34755 event_wait : Interrupted system call (code=4)
            Jan 23 02:32:13 openvpn 34755 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 172.16.1.1 255.255.255.0 init
            Jan 23 02:32:13 openvpn 34755 SIGTERM[hard,] received, process exiting
            Jan 23 02:32:13 openvpn 51755 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
            Jan 23 02:32:13 openvpn 51755 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
            Jan 23 02:32:13 openvpn 51887 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
            Jan 23 02:32:13 openvpn 51887 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
            Jan 23 02:32:13 openvpn 51887 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
            Jan 23 02:32:13 openvpn 51887 TUN/TAP device ovpns2 exists previously, keep at program end
            Jan 23 02:32:13 openvpn 51887 TUN/TAP device /dev/tun2 opened
            Jan 23 02:32:13 openvpn 51887 /sbin/ifconfig ovpns2 172.16.1.1 172.16.1.2 mtu 1500 netmask 255.255.255.0 up
            Jan 23 02:32:13 openvpn 51887 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 172.16.1.1 255.255.255.0 init
            Jan 23 02:32:13 openvpn 51887 UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
            Jan 23 02:32:13 openvpn 51887 UDPv4 link remote: [AF_UNSPEC]
            Jan 23 02:32:13 openvpn 51887 Initialization Sequence Completed

            however im still unable to connect the client onto the mobile phone openvpn connect shows the following:

            EVENT WAIT
            Server Poll Timout, Trying next remote Entry
            then it keeps reconnecting. without any successful attempts.

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              Hi,

              Your WAN is 192.168.0.2, right ?
              There is a firewall rule on the WAN interface let permits incoming traffic on port 1194, protocol UDP, like :

              2341f385-6bd5-4b63-aa84-111815cdd4ec-image.png

              And, because you use an upstream router, this router should have a NAT rule that routs traffic from it's WAN (your real Internet IP) to the WAN IP of pfSense (again, using port 1194 - if thats the one you use for your client, protocol UDP) ?

              Did you check the real Internet IP you have ? http://checkip.dyndns.com Is this the IP your OpenVPN client is using when connecting ?

              Most of the connection issues can be checked with packet capturing on the WAN interface of pfSense. And no surprise, again, use UDP and port 1194 as a filter for the capturing. It should show traffic you connect your phone.

              While testing, at first, shut down the Wifi of your phone.

              Btw : when you restored the connection, take care of the warning in the OpenVPN log. They are pretty self explaining.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              A 1 Reply Last reply Reply Quote 0
              • A
                Ali.ghabsha @Gertjan
                last edited by Ali.ghabsha

                @gertjan thank you for replying.. Let you give a full information please might that helps.

                I've a Router at my house which is configured to forward the traffic of openvpn so i configured to forward the port 1194 udp from the Wan to my pfsense which is behind the router (192.168.0.2) , I have tried the following

                I've created two virtual machines and installed on them two different versions of pfsense, the first is with 2.4.3 and the second 2.4.5, and I've configured both exactly the same. Then If I try to using the 2.4.3 the openvpn works if I turn off this one and then use the one with the new version, the openvpn doesn't work, so it's a version issue, why the old version works but the new one not... Why if I upgraded from the old version to the new version the openvpn works but users behind pfsense can't access the internet.
                If we check the logs we find there's an error related to the Wan interface regarding the openvpn then if we deleted the rule in the Wan related to the openvpn and created a new one the same options the users can access the internet and there won't be any more errors in the log, however no more openvpn. The openvpn will stop forever.

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @Ali.ghabsha
                  last edited by Gertjan

                  @ali-ghabsha said in OpenVPN Unable to contact Deamon, Service not running:

                  2.4.3 the openvpn works

                  Be careful : when you export a config ( with the OpenVPN client EXE in the config if you use that one also ) you change the OpenVPN version used. Mixing OpenVPN client software on client and or server side can have issues.

                  @ali-ghabsha said in OpenVPN Unable to contact Deamon, Service not running:

                  the openvpn doesn't work, so it's a version issue, why the old version works but the new one no

                  What do you mean by doesn't work ?
                  I can only find this in your log :

                  @ali-ghabsha said in OpenVPN Unable to contact Deamon, Service not running:

                  GDG: problem writing to routing socket

                  This https://community.openvpn.net/openvpn/ticket/688 ?

                  I don't have that GDC message :

                  2cc1b805-3779-48d4-ad8b-5e49a0e43d1a-image.png

                  You can see it starts to listen on :
                  UDPv4 link local (bound): [AF_INET]192.168.10.3:1194
                  192.168.10.3 is my WAN interface - WAN IP - I have an ISP router in front of my pfSense.

                  The start up shown is a clean start up of OpenVPN

                  This is the WAN firewall rule :

                  babbf6c7-7a77-4d88-a4a6-8717af6143e4-image.png

                  @ali-ghabsha said in OpenVPN Unable to contact Deamon, Service not running:

                  If we check the logs we find there's an error related to the Wan interface regarding the openvpn ....

                  and what about showing these errors ?

                  @ali-ghabsha said in OpenVPN Unable to contact Deamon, Service not running:

                  Why if I upgraded from the old version to the new version the openvpn works but users behind pfsense can't access the internet.

                  So, OpenVPN starts, there is a related firewall rule on your WAN, and devices on LAN do not have any Internet access any more.
                  I'm curious how you set up your system.
                  Adding the OpenVPN firewall rule on WAN doesn't implicate at all LAN's Internet access - OpenVPN server running, or not.
                  Running OpenVPN server with or without the firewall rule on WAN doesn't change OpenVPN behaviour (no messages or warnings). Without the firewall it just isn't accessible. This will not alter anything for devices on your LAN.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.