OpenVPN Server Service showing offline but can still connect.



  • Yesterday out of the blue I noticed that one of my OpenVPN server services on the dashboard stated that it wasn't responding but I was still able to connect.  I am in a CARP configuration.

    NOTE of concern:  when I disabled the OpenVPN server, disabled the rules, AND deleted the states associated with that OpenVPN port, not only did the clients reconnect but their static routes were still viable.

    Things I did:
    Made sure that everyone disconnected their OpenVPN connections
    Rebooted the backup
    Failed over to backup and rebooted master
    disabled the OpenVPN server
    disabled related firewall rules.

    After turning on the OpenVPN server again, I changed the interface from the WAN CARP VIP to the DMZ CARP VIP.  Connections are still allowed but the dashboard and the log is till stating there is an issue.

    Maximum of 13 people can connect without issue (normal # is 4-6).

    Also, not sure if this is relevant, but prior to this issue occurring, I downloaded the config with the management option checkbox checked and downloaded the Win6-x64 and installed with not issues.  It was after this (~ 30 mins later) that I noticed the dashboard service having issues.  Management interface is pretty nice.

    Assistance would be GREATLY appreciated as soon as possible.

    Here is the OpenVPN log w/ logging level 6

    Nov 2 08:25:36	openvpn	86068	Exiting due to fatal error
    Nov 2 08:25:36	openvpn	86068	Cannot open TUN/TAP dev /dev/tun2: Device busy (errno=16)
    Nov 2 08:25:36	openvpn	86068	TUN/TAP device ovpns2 exists previously, keep at program end
    Nov 2 08:25:36	openvpn	86068	Socket Buffers: R=[42080->42080] S=[57344->57344]
    Nov 2 08:25:36	openvpn	86068	TLS-Auth MTU parms [ L:1559 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    Nov 2 08:25:36	openvpn	86068	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Nov 2 08:25:36	openvpn	86068	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Nov 2 08:25:36	openvpn	86068	Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file
    Nov 2 08:25:36	openvpn	86068	Diffie-Hellman initialized with 2048 bit key
    Nov 2 08:25:36	openvpn	86068	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 2 08:25:36	openvpn	86068	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server2.sock
    Nov 2 08:25:36	openvpn	86036	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 2 08:25:36	openvpn	86036	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 2 08:25:36	openvpn	86036	auth_user_pass_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	pull = DISABLED
    Nov 2 08:25:36	openvpn	86036	client = DISABLED
    Nov 2 08:25:36	openvpn	86036	port_share_port = 0
    Nov 2 08:25:36	openvpn	86036	port_share_host = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	auth_user_pass_verify_script_via_file = DISABLED
    Nov 2 08:25:36	openvpn	86036	auth_user_pass_verify_script = '/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server2'
    Nov 2 08:25:36	openvpn	86036	max_routes_per_client = 256
    Nov 2 08:25:36	openvpn	86036	max_clients = 14
    Nov 2 08:25:36	openvpn	86036	cf_per = 0
    Nov 2 08:25:36	openvpn	86036	cf_max = 0
    Nov 2 08:25:36	openvpn	86036	duplicate_cn = DISABLED
    Nov 2 08:25:36	openvpn	86036	enable_c2c = DISABLED
    Nov 2 08:25:36	openvpn	86036	push_ifconfig_ipv6_remote = ::
    Nov 2 08:25:36	openvpn	86036	push_ifconfig_ipv6_local = ::/0
    Nov 2 08:25:36	openvpn	86036	push_ifconfig_ipv6_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	push_ifconfig_remote_netmask = 0.0.0.0
    Nov 2 08:25:36	openvpn	86036	push_ifconfig_local = 0.0.0.0
    Nov 2 08:25:36	openvpn	86036	push_ifconfig_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	tmp_dir = '/tmp'
    Nov 2 08:25:36	openvpn	86036	ccd_exclusive = DISABLED
    Nov 2 08:25:36	openvpn	86036	client_config_dir = '/var/etc/openvpn-csc/server2'
    Nov 2 08:25:36	openvpn	86036	client_disconnect_script = '/usr/local/sbin/openvpn.attributes.sh'
    Nov 2 08:25:36	openvpn	86036	learn_address_script = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	client_connect_script = '/usr/local/sbin/openvpn.attributes.sh'
    Nov 2 08:25:36	openvpn	86036	virtual_hash_size = 256
    Nov 2 08:25:36	openvpn	86036	real_hash_size = 256
    Nov 2 08:25:36	openvpn	86036	tcp_queue_limit = 64
    Nov 2 08:25:36	openvpn	86036	n_bcast_buf = 256
    Nov 2 08:25:36	openvpn	86036	ifconfig_ipv6_pool_netbits = 0
    Nov 2 08:25:36	openvpn	86036	ifconfig_ipv6_pool_base = ::
    Nov 2 08:25:36	openvpn	86036	ifconfig_ipv6_pool_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	ifconfig_pool_persist_refresh_freq = 600
    Nov 2 08:25:36	openvpn	86036	ifconfig_pool_persist_filename = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	ifconfig_pool_netmask = 255.255.255.0
    Nov 2 08:25:36	openvpn	86036	ifconfig_pool_end = 192.168.251.253
    Nov 2 08:25:36	openvpn	86036	ifconfig_pool_start = 192.168.251.2
    Nov 2 08:25:36	openvpn	86036	ifconfig_pool_defined = ENABLED
    Nov 2 08:25:36	openvpn	86036	push_entry = 'ping-restart 60'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'ping 10'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'topology subnet'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route-gateway 192.168.251.1'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'register-dns'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route 172.16.3.244 255.255.255.255'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route 172.16.3.26 255.255.255.255'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route 172.16.1.143 255.255.255.255'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route 172.16.3.100 255.255.255.255'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route 172.16.3.101 255.255.255.255'
    Nov 2 08:25:36	openvpn	86036	push_entry = 'route 172.16.2.164 255.255.255.255'
    Nov 2 08:25:36	openvpn	86036	server_bridge_pool_end = 0.0.0.0
    Nov 2 08:25:36	openvpn	86036	server_bridge_pool_start = 0.0.0.0
    Nov 2 08:25:36	openvpn	86036	server_bridge_netmask = 0.0.0.0
    Nov 2 08:25:36	openvpn	86036	server_bridge_ip = 0.0.0.0
    Nov 2 08:25:36	openvpn	86036	server_netbits_ipv6 = 0
    Nov 2 08:25:36	openvpn	86036	server_network_ipv6 = ::
    Nov 2 08:25:36	openvpn	86036	server_netmask = 255.255.255.0
    Nov 2 08:25:36	openvpn	86036	server_network = 192.168.251.0
    Nov 2 08:25:36	openvpn	86036	tls_auth_file = '/var/etc/openvpn/server2.tls-auth'
    Nov 2 08:25:36	openvpn	86036	tls_exit = DISABLED
    Nov 2 08:25:36	openvpn	86036	push_peer_info = DISABLED
    Nov 2 08:25:36	openvpn	86036	single_session = DISABLED
    Nov 2 08:25:36	openvpn	86036	transition_window = 3600
    Nov 2 08:25:36	openvpn	86036	handshake_window = 60
    Nov 2 08:25:36	openvpn	86036	renegotiate_seconds = 3600
    Nov 2 08:25:36	openvpn	86036	renegotiate_packets = 0
    Nov 2 08:25:36	openvpn	86036	renegotiate_bytes = 0
    Nov 2 08:25:36	openvpn	86036	tls_timeout = 2
    Nov 2 08:25:36	openvpn	86036	ssl_flags = 2
    Nov 2 08:25:36	openvpn	86036	remote_cert_eku = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	remote_cert_ku[i] = 0
    Nov 2 08:25:36	openvpn	86036	ns_cert_type = 0
    Nov 2 08:25:36	openvpn	86036	crl_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	verify_x509_name = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	verify_x509_type = 0
    Nov 2 08:25:36	openvpn	86036	tls_export_cert = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	tls_verify = '/usr/local/sbin/ovpn_auth_verify tls 'XXXX_1195' 1'
    Nov 2 08:25:36	openvpn	86036	cipher_list = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	pkcs12_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	priv_key_file = '/var/etc/openvpn/server2.key'
    Nov 2 08:25:36	openvpn	86036	extra_certs_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	cert_file = '/var/etc/openvpn/server2.cert'
    Nov 2 08:25:36	openvpn	86036	dh_file = '/etc/dh-parameters.2048'
    Nov 2 08:25:36	openvpn	86036	ca_path = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	ca_file = '/var/etc/openvpn/server2.ca'
    Nov 2 08:25:36	openvpn	86036	key_method = 2
    Nov 2 08:25:36	openvpn	86036	tls_client = DISABLED
    Nov 2 08:25:36	openvpn	86036	tls_server = ENABLED
    Nov 2 08:25:36	openvpn	86036	test_crypto = DISABLED
    Nov 2 08:25:36	openvpn	86036	use_iv = ENABLED
    Nov 2 08:25:36	openvpn	86036	packet_id_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	replay_time = 15
    Nov 2 08:25:36	openvpn	86036	replay_window = 64
    Nov 2 08:25:36	openvpn	86036	mute_replay_warnings = DISABLED
    Nov 2 08:25:36	openvpn	86036	replay = ENABLED
    Nov 2 08:25:36	openvpn	86036	engine = DISABLED
    Nov 2 08:25:36	openvpn	86036	keysize = 0
    Nov 2 08:25:36	openvpn	86036	prng_nonce_secret_len = 16
    Nov 2 08:25:36	openvpn	86036	prng_hash = 'SHA1'
    Nov 2 08:25:36	openvpn	86036	authname = 'SHA256'
    Nov 2 08:25:36	openvpn	86036	authname_defined = ENABLED
    Nov 2 08:25:36	openvpn	86036	ciphername = 'AES-256-CFB'
    Nov 2 08:25:36	openvpn	86036	ciphername_defined = ENABLED
    Nov 2 08:25:36	openvpn	86036	key_direction = 1
    Nov 2 08:25:36	openvpn	86036	shared_secret_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	management_flags = 256
    Nov 2 08:25:36	openvpn	86036	management_client_group = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	management_client_user = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	management_write_peer_info_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	management_echo_buffer_size = 100
    Nov 2 08:25:36	openvpn	86036	management_log_history_cache = 250
    Nov 2 08:25:36	openvpn	86036	management_user_pass = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	management_port = 0
    Nov 2 08:25:36	openvpn	86036	management_addr = '/var/etc/openvpn/server2.sock'
    Nov 2 08:25:36	openvpn	86036	allow_pull_fqdn = DISABLED
    Nov 2 08:25:36	openvpn	86036	max_routes = 100
    Nov 2 08:25:36	openvpn	86036	route_gateway_via_dhcp = DISABLED
    Nov 2 08:25:36	openvpn	86036	route_nopull = DISABLED
    Nov 2 08:25:36	openvpn	86036	route_delay_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	route_delay_window = 30
    Nov 2 08:25:36	openvpn	86036	route_delay = 0
    Nov 2 08:25:36	openvpn	86036	route_noexec = DISABLED
    Nov 2 08:25:36	openvpn	86036	route_default_metric = 0
    Nov 2 08:25:36	openvpn	86036	route_default_gateway = '192.168.251.2'
    Nov 2 08:25:36	openvpn	86036	route_script = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	lzo = 7
    Nov 2 08:25:36	openvpn	86036	fast_io = DISABLED
    Nov 2 08:25:36	openvpn	86036	sockflags = 0
    Nov 2 08:25:36	openvpn	86036	sndbuf = 0
    Nov 2 08:25:36	openvpn	86036	rcvbuf = 0
    Nov 2 08:25:36	openvpn	86036	occ = ENABLED
    Nov 2 08:25:36	openvpn	86036	status_file_update_freq = 60
    Nov 2 08:25:36	openvpn	86036	status_file_version = 1
    Nov 2 08:25:36	openvpn	86036	status_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	gremlin = 0
    Nov 2 08:25:36	openvpn	86036	mute = 0
    Nov 2 08:25:36	openvpn	86036	verbosity = 6
    Nov 2 08:25:36	openvpn	86036	nice = 0
    Nov 2 08:25:36	openvpn	86036	suppress_timestamps = DISABLED
    Nov 2 08:25:36	openvpn	86036	log = DISABLED
    Nov 2 08:25:36	openvpn	86036	inetd = 0
    Nov 2 08:25:36	openvpn	86036	daemon = ENABLED
    Nov 2 08:25:36	openvpn	86036	up_delay = DISABLED
    Nov 2 08:25:36	openvpn	86036	up_restart = DISABLED
    Nov 2 08:25:36	openvpn	86036	down_pre = DISABLED
    Nov 2 08:25:36	openvpn	86036	down_script = '/usr/local/sbin/ovpn-linkdown'
    Nov 2 08:25:36	openvpn	86036	up_script = '/usr/local/sbin/ovpn-linkup'
    Nov 2 08:25:36	openvpn	86036	writepid = '/var/run/openvpn_server2.pid'
    Nov 2 08:25:36	openvpn	86036	cd_dir = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	chroot_dir = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	groupname = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	username = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	resolve_retry_seconds = 1000000000
    Nov 2 08:25:36	openvpn	86036	passtos = DISABLED
    Nov 2 08:25:36	openvpn	86036	persist_key = ENABLED
    Nov 2 08:25:36	openvpn	86036	persist_remote_ip = ENABLED
    Nov 2 08:25:36	openvpn	86036	persist_local_ip = DISABLED
    Nov 2 08:25:36	openvpn	86036	persist_tun = ENABLED
    Nov 2 08:25:36	openvpn	86036	remap_sigusr1 = 0
    Nov 2 08:25:36	openvpn	86036	ping_timer_remote = ENABLED
    Nov 2 08:25:36	openvpn	86036	ping_rec_timeout_action = 2
    Nov 2 08:25:36	openvpn	86036	ping_rec_timeout = 120
    Nov 2 08:25:36	openvpn	86036	ping_send_timeout = 10
    Nov 2 08:25:36	openvpn	86036	inactivity_timeout = 0
    Nov 2 08:25:36	openvpn	86036	keepalive_timeout = 60
    Nov 2 08:25:36	openvpn	86036	keepalive_ping = 10
    Nov 2 08:25:36	openvpn	86036	mlock = DISABLED
    Nov 2 08:25:36	openvpn	86036	mtu_test = 0
    Nov 2 08:25:36	openvpn	86036	shaper = 0
    Nov 2 08:25:36	openvpn	86036	ifconfig_ipv6_remote = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	ifconfig_ipv6_netbits = 0
    Nov 2 08:25:36	openvpn	86036	ifconfig_ipv6_local = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	ifconfig_nowarn = DISABLED
    Nov 2 08:25:36	openvpn	86036	ifconfig_noexec = DISABLED
    Nov 2 08:25:36	openvpn	86036	ifconfig_remote_netmask = '255.255.255.0'
    Nov 2 08:25:36	openvpn	86036	ifconfig_local = '192.168.251.1'
    Nov 2 08:25:36	openvpn	86036	tun_ipv6 = DISABLED
    Nov 2 08:25:36	openvpn	86036	topology = 3
    Nov 2 08:25:36	openvpn	86036	lladdr = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	dev_node = '/dev/tun2'
    Nov 2 08:25:36	openvpn	86036	dev_type = 'tun'
    Nov 2 08:25:36	openvpn	86036	dev = 'ovpns2'
    Nov 2 08:25:36	openvpn	86036	ipchange = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	remote_random = DISABLED
    Nov 2 08:25:36	openvpn	86036	Connection profiles END
    Nov 2 08:25:36	openvpn	86036	explicit_exit_notification = 0
    Nov 2 08:25:36	openvpn	86036	mssfix = 1450
    Nov 2 08:25:36	openvpn	86036	fragment = 0
    Nov 2 08:25:36	openvpn	86036	mtu_discover_type = -1
    Nov 2 08:25:36	openvpn	86036	tun_mtu_extra_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	tun_mtu_extra = 0
    Nov 2 08:25:36	openvpn	86036	link_mtu_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	link_mtu = 1500
    Nov 2 08:25:36	openvpn	86036	tun_mtu_defined = ENABLED
    Nov 2 08:25:36	openvpn	86036	tun_mtu = 1500
    Nov 2 08:25:36	openvpn	86036	socks_proxy_retry = DISABLED
    Nov 2 08:25:36	openvpn	86036	socks_proxy_port = 0
    Nov 2 08:25:36	openvpn	86036	socks_proxy_server = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	connect_retry_max = 0
    Nov 2 08:25:36	openvpn	86036	connect_timeout = 10
    Nov 2 08:25:36	openvpn	86036	connect_retry_seconds = 5
    Nov 2 08:25:36	openvpn	86036	bind_local = ENABLED
    Nov 2 08:25:36	openvpn	86036	bind_defined = DISABLED
    Nov 2 08:25:36	openvpn	86036	remote_float = ENABLED
    Nov 2 08:25:36	openvpn	86036	remote_port = 1194
    Nov 2 08:25:36	openvpn	86036	remote = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	local_port = 1195
    Nov 2 08:25:36	openvpn	86036	local = '172.16.1.3'
    Nov 2 08:25:36	openvpn	86036	proto = udp
    Nov 2 08:25:36	openvpn	86036	Connection profiles [default]:
    Nov 2 08:25:36	openvpn	86036	show_tls_ciphers = DISABLED
    Nov 2 08:25:36	openvpn	86036	key_pass_file = '[UNDEF]'
    Nov 2 08:25:36	openvpn	86036	genkey = DISABLED
    Nov 2 08:25:36	openvpn	86036	show_engines = DISABLED
    Nov 2 08:25:36	openvpn	86036	show_digests = DISABLED
    Nov 2 08:25:36	openvpn	86036	show_ciphers = DISABLED
    Nov 2 08:25:36	openvpn	86036	mode = 1
    Nov 2 08:25:36	openvpn	86036	config = '/var/etc/openvpn/server2.conf'
    Nov 2 08:25:36	openvpn	86036	Current Parameter Settings:
    
    [/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i]
    

Log in to reply