OpenVPN + Load Balancing + STunnel

DerKlaus

Hello.

I'm trying to configure multiple OpenVPN clients with the interface localhost and stunnel package. The stunnel discussion is here.
With the multiple clients I want to use load balancing. Everything works well with one client, but with multiple clients, they always crash.

I have the following error messages in system-> general log:

/rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1547574979] unbound[12781:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953 [1547574979] unbound[12781:0] error: cannot open control interface 127.0.0.1 953 [1547574979] unbound[12781:0] fatal error: could not open ports'

What does the error message mean?

I use 4 x following OpenVPN Client configuration:

Protocol: TCP
Interface: Localhost
Server host or address: 127.0.0.1
Server port: 995
Advanced:
       route Server_IP 255.255.255.255 net_gateway

Rico

You can't just bind the same Port multiple times to localhost.

-Rico

DerKlaus

Without same ports to localhost I have this error message again:

Jan 27 13:09:38 php-fpm 47087 /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1548594578] unbound[17890:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953 [1548594578] unbound[17890:0] error: cannot open control interface 127.0.0.1 953 [1548594578] unbound[17890:0] fatal error: could not open ports' 

OpenVPN clients are still crashing and I have a new error message:

Jan 27 12:41:03 openvpn 97238 ERROR: FreeBSD route add command failed: external program exited with error status: 1

Is this a routing problem?

DerKlaus

Maybe I have found a solution for me. OpenVPN error messages are still there:

Jan 27 13:09:38 php-fpm 47087 /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1548594578] unbound[17890:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953 [1548594578] unbound[17890:0] error: cannot open control interface 127.0.0.1 953 [1548594578] unbound[17890:0] fatal error: could not open ports' 

Jan 27 12:41:03 openvpn 97238 ERROR: FreeBSD route add command failed: external program exited with error status: 1

Feb 2 18:56:11 openvpn 47315 PUSH: Received control message: 'PUSH_REPLY,topology subnet,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,comp-lzo adaptive,route-gateway 10.3.2.3,redirect-gateway ipv6,route-ipv6 2000::/3,ping 10,ping-restart 60,dhcp-option DNS 95.211.146.77,dhcp-option DNS 37.48.94.55,ifconfig-ipv6 fdbf:1d37:bbe0:0:48:18:0:f1/112 fdbf:1d37:bbe0:0:48:18:0:1,ifconfig 10.3.2.241 255.255.255.0,peer-id 0' 
Feb 2 18:56:11 openvpn 47315 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) 
Feb 2 18:56:11 openvpn 47315 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) 
Feb 2 18:56:11 openvpn 47315 Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS]) 
Feb 2 18:56:11 openvpn 47315 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) 
Feb 2 18:56:11 openvpn 47315 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) 

I do not have the full speed, but it works with these NAT rules:

Why do i need this localhost rules for OpenVPN?
Do I need more rules like these?

browse "System: General Setup"
   specify desired third-party DNS servers on WAN_DHCP
   [x] Do not use the DNS Forwarder as a DNS server for the firewall
browse "Services: DNS Forwarder"
   [ ] Enable DNS forwarder
browse "System: Advanced: Networking"
   [ ] Allow IPv6
   [x] Prefer to use IPv4 even if IPv6 is available
browse "System: Advanced: Miscellaneous"
   [x] Skip rules when gateway is down
   [x] Enable gateway monitoring debug logging