OpenVPN Status indicator -> service not running?



  • Having a minor problem on my pfSense firewall. I have three interfaces set up, WAN, LAN, and OPT1, which is my wireless access point. On WAN and OPT1, I have OpenVPN connections (ports 1194 and 1195 respectively), so that I can vpn in from the internet as well as from wireless devices.

    I have a small problem with the OpenVPN status page. For the OpenVPN remote access from WAN UDP:1194 Client Connections, it says

    [error] Unable to contact daemon Service not running? 0 0 B 0 B with a green X

    Status is a red circle, and Actions is a start icon.

    For OpenVPN remote access from wifi UDP:1195 Client Connections

    Status is a green check and actions are restart and stop.

    I can connect to openvpn from the internet, but when I connect to the status page, it still says "service not running?"

    I made a change to my network, and couldn't restart the openvpn daemon on that port, because of this problem. I had to restart the entire firewall, which seems like a bigger hammer solution.

    Any idea why this one openvpn status indicator is not working?

    Thanks,
    –vr



  • Check the system log for OpenVPN failures when the machine boots up.

    For me I could solve this by forwarding the openVPN port from WAN to an internal Interface address and set the VPN server to listen to this one.



  • @viragomann:

    Check the system log for OpenVPN failures when the machine boots up.

    No failures that I see. I rebooted on 7 February, and the only things in system.log are:

    
    Feb  7 04:36:33 europa php-cgi: rc.bootup: Resyncing OpenVPN instances.
    Feb  7 04:40:07 europa php-fpm[53050]: /rc.newwanip: Resyncing OpenVPN instances for interface WAN.
    Feb  7 04:40:07 europa php-fpm[40487]: /rc.newwanip: Resyncing OpenVPN instances for interface WAN.
    
    

    The only other log from that day was when I connected to the firewall to check status.

    For me I could solve this by forwarding the openVPN port from WAN to an internal Interface address and set the VPN server to listen to this one.

    I don't understand how that would work. What would be the best way to set it up?


  • Banned

    Two possible options to try:

    First the easy one:

    System > Routing > Gateways, edit your OpenVPN gateway, set the monitor IP to something public and always available (8.8.8.8, or 8.8.4.4 will work).

    Go back to your status and refresh and see if they are showing up.

    Second the still pretty easy one:

    SSH to shell, run "ps ax | grep vpn" or "ps aux | grep openvpn"
    note the PID number for the client or server vpn instance as necessary.

    Go to Diagnostics-Edit File, browse to /var/run and open the openvpn client or server .pid file, if the number in that file isn't the same as the number you got from the shell, then update the number in the .pid file. SAVE.

    Restart openvpn client or server service, should be good to go.
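
The pid-file comparison described in the post above, as an added example that is not part of the original thread and is not pfSense's own code. The function names and the `openvpn*.pid` file-name pattern are assumptions; the script only reports and never rewrites a pid file.

```shell
#!/bin/sh
# Added example: report whether each OpenVPN pid file still points at a live
# openvpn process. Run as root, since kill -0 on another user's process fails.

# pidfile_state FILE [NAME] -> prints ok | stale | mismatch | invalid | missing
pidfile_state() {
    file=$1
    name=${2:-openvpn}
    [ -r "$file" ] || { echo missing; return 0; }
    pid=$(head -n 1 "$file" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 sends no signal; it only tests that the PID exists.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo stale
        return 0
    fi
    # The PID is alive: confirm it is the expected program and not a
    # recycled PID that now belongs to something else.
    cmd=$(ps -p "$pid" -o command= 2>/dev/null || true)
    case $cmd in
        *"$name"*) echo ok ;;
        *)         echo mismatch ;;
    esac
}

# scan_pidfiles [DIR]: check every openvpn*.pid file in DIR.
# The file-name pattern is an assumption, not taken from the thread.
scan_pidfiles() {
    dir=${1:-/var/run}
    for f in "$dir"/openvpn*.pid; do
        [ -e "$f" ] || continue
        printf '%s\t%s\n' "$f" "$(pidfile_state "$f")"
    done
}

# Usage: sh thisfile.sh scan [DIR]
if [ "${1:-}" = "scan" ]; then
    scan_pidfiles "${2:-/var/run}"
fi
```

A `stale` or `mismatch` result is the condition in which the status page shows the service as stopped while the daemon is still accepting connections.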



  • @VulcanRidr:

    For me I could solve this by forwarding the openVPN port from WAN to an internal Interface address and set the VPN server to listen to this one.

    I don't understand how that would work. What would be the best way to set it up?

    That's a simple port forwarding. Firewall > NAT > Port Forward.
    Add a forwarding rule on WAN interface, with destination = WAN address, dest. port = 1194 and at Redirect target IP enter the pfSense LAN or OPT1 IP and at port also 1194.
    Select "pass" at filter rule association or create a firewall rule to allow the traffic to the new destination.
    Then edit the server config to let the server listen to the IP you have forwarded the traffic now.



  • @pfBasic:

    Second the still pretty easy one:

    SSH to shell, run "ps ax | grep vpn" or "ps aux | grep openvpn"
    note the PID number for the client or server vpn instance as necessary.

    Go to Diagnostics-Edit File, browse to /var/run and open the openvpn client or server .pid file, if the number in that file isn't the same as the number you got from the shell, then update the number in the .pid file. SAVE.

    Restart openvpn client or server service, should be good to go.

    Worked perfectly. Not sure why the PIDfile was wrong, but correcting it and then restarting worked like a charm. Thanks!

    –vr


  • Banned

    Awesome! I'm glad it worked for you.

    I don't know why the system gets out of sync but it's happened to me a few times and you can find threads back in 2013 with people having the same problem.

    I don't know if anyone's ever looked in to fixing it?