WAN/DHCP affects OpenVPN and gets it out of sync in the web gui
-
I noticed that when I don't give my pfsense box a DHCP response on the WAN port, it sits around with a 0.0.0.0 address, then that disappears and shows no address. OpenVPN still starts, but it screws up the management port when I later give out an address.
On my dashboard, I see "Unable to contact daemon, Service not running?". If I look at the logs, I see errors:
openvpn[62387]: Exiting due to fatal error
openvpn[62387]: TCP/UDP: Socket bind failed on local address [AF_INET]xxx.xxx.xxx.xxx:443: Address already in use
openvpn[62387]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
If I go to service status, it says "openvpn" is stopped, but it's actually running. I can successfully connect to it. Somehow it gets in a weird state where pfsense starts it and forgets that it started it. When it tries to start it again, the old openvpn is bound to the port and it stays in the "stopped" state and can never be started/stopped until I reboot the server or ssh in and kill the process (haven't tried that yet though).
Unfortunately, my ISP has problems where it occasionally won't want to hand out DHCP addresses for several minutes (so it may take some time). Is there an easier fix for this?
-
With it bound to 443, do you have your GUI bound to something other than 443? That might be one reason.
I'm guessing though it's the issue where OpenVPN writes out the wrong PID in its PID file. What's in your /var/etc/openvpn/serverX.pid file and what is the actual PID of the OpenVPN instance that's running? Where serverX probably == server1, but could be some other number depending on how many you have and have had in the past.
-
@cmb:
With it bound to 443, do you have your GUI bound to something other than 443? That might be one reason.
I'm guessing though it's the issue where OpenVPN writes out the wrong PID in its PID file. What's in your /var/etc/openvpn/serverX.pid file and what is the actual PID of the OpenVPN instance that's running? Where serverX probably == server1, but could be some other number depending on how many you have and have had in the past.
I switched the webgui port to 1234 before I created the OpenVPN service. It works fine now since I rebooted it and was quickly able to get back an IP from DHCP.
It's weird how it got into that state… The openvpn daemon was definitely running (even though it was reported stopped) and I was able to vpn in from the internet once I got an IP.
The pid file explanation makes sense. I'll try it again in a few days so I can get it in that state again and report back. Thanks for your insight.
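
The PID file comparison suggested in the thread can be scripted as below. This is an added example, not part of the original posts and not pfSense's own code; the function name and the status words it prints are hypothetical, and the PID file path is assumed to follow the /var/etc/openvpn/serverX.pid pattern mentioned above.

```shell
#!/bin/sh
# Added example: compare the PID recorded in an OpenVPN PID file with the
# openvpn processes that are actually running.

# check_openvpn_pid PIDFILE [RUNNING_PIDS]   (hypothetical helper)
# RUNNING_PIDS is a whitespace-separated list of PIDs; when omitted it is
# collected with pgrep. Prints exactly one status word:
#   match        the recorded PID belongs to a running openvpn process
#   mismatch     openvpn is running, but not under the recorded PID
#   not-running  no openvpn process is running at all
#   no-pidfile   the PID file is missing or unreadable
check_openvpn_pid() {
    pidfile=$1
    if [ $# -ge 2 ]; then
        running=$2
    else
        running=$(pgrep -x openvpn 2>/dev/null || true)
    fi

    if [ ! -r "$pidfile" ]; then
        echo "no-pidfile"
        return 0
    fi

    # Strip whitespace; anything that is not purely numeric can never match.
    recorded=$(tr -d '[:space:]' < "$pidfile")
    case $recorded in
        ''|*[!0-9]*) recorded="" ;;
    esac

    if [ -z "$running" ]; then
        echo "not-running"
        return 0
    fi
    for pid in $running; do
        if [ "$pid" = "$recorded" ]; then
            echo "match"
            return 0
        fi
    done
    echo "mismatch"
    return 0
}

# Stand-alone use: sh check.sh /var/etc/openvpn/server1.pid
if [ $# -gt 0 ]; then
    check_openvpn_pid "$1"
fi
```

A "mismatch" result corresponds to the state described in the thread, where the daemon answers connections but the service status cannot find it.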