Removing openvpn completely
-
Had an issue where I needed to make a change to my openvpn install which didn't fix the issue. I wanted to remove and reinstall openvpn from scratch with the new settings. Searched the forum and someone asked the same thing and the response was to do everything in reverse (remove instead of create), which I did. Unfortunately it seems that deleting the server (and the other steps like users, certs, etc.) doesn't completely remove the setup. Example: the openvpn banner option in the firewall rules disappears, but when you recreate a new vpn server the old rules are still there along with the newest one, as are WAN rules. One issue I am having in the logs says I might have a duplicate IP range and trying to start my new install craps out, so on my last install attempt I used a different private IP range. In the logs it still shows the original private IP range along with the new one. Is there anything I can do to completely remove all hints of previous installs? Another post mentioned doing a restore, but I would have no idea when to restore from since things were working well for a long time before the change needed to be made.
-
When you remove everything which is related to OpenVPN, what do you see after that:
ps uxaww | grep openvpn
(I think you know that OpenVPN is not a directly removable / installable package in pfSense, e.g. with the package manager?)
-
@DaddyGo Thanks for the reply. I deleted the openvpn server again and ran your command:
ps uxaww | grep openvpn
root 9013 0.0 0.1 6560 2324 0 S+ 18:57 0:00.00 grep openvpn
I reloaded again with a different private IP for the tunnel and the error I was seeing in the logs is gone. I still can't connect but it is a step. Here are the logs after I cycled it:
May 17 20:04:01 openvpn 52950 Initialization Sequence Completed
May 17 20:04:01 openvpn 52950 UDPv6 link remote: [AF_UNSPEC]
May 17 20:04:01 openvpn 52950 UDPv6 link local (bound): [AF_INET6][undef]:1194
May 17 20:04:01 openvpn 52950 setsockopt(IPV6_V6ONLY=0)
May 17 20:04:01 openvpn 52950 Could not determine IPv4/IPv6 protocol. Using AF_INET6
May 17 20:04:01 openvpn 52950 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 10.10.10.1 255.255.255.0 init
May 17 20:04:01 openvpn 52950 /sbin/ifconfig ovpns1 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
May 17 20:04:01 openvpn 52950 TUN/TAP device /dev/tun1 opened
May 17 20:04:01 openvpn 52950 TUN/TAP device ovpns1 exists previously, keep at program end
May 17 20:04:01 openvpn 52950 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 17 20:04:01 openvpn 52814 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
May 17 20:04:01 openvpn 52814 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
May 17 20:04:01 openvpn 83382 SIGTERM[hard,] received, process exiting
May 17 20:04:01 openvpn 83382 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 10.10.10.1 255.255.255.0 init
May 17 20:04:01 openvpn 83382 event_wait : Interrupted system call (code=4)
I have it UDP for both ip4 & 6. The WAN rule is correct and specifies both.
-
@EdAdders said in Removing openvpn completely:
May 17 20:04:01 openvpn 52950 UDPv6 link remote: [AF_UNSPEC]
May 17 20:04:01 openvpn 52950 UDPv6 link local (bound): [AF_INET6][undef]:1194
You actually want to use an IPv6 tunnel?
In that case, IPv6 local and remote IPv6 should be defined / resolvable, like IPv4.
UNSPEC means unspecified.
-
Oops, I think protocol was set to ip4 & 6 all interfaces multihome was somehow set as the default. I set it to udp v4 and now getting log:
May 18 18:28:35 openvpn 18494 Initialization Sequence Completed
May 18 18:28:35 openvpn 18494 UDPv4 link remote: [AF_UNSPEC]
May 18 18:28:35 openvpn 18494 UDPv4 link local (bound): [AF_INET]10.0.0.228:1194
May 18 18:28:35 openvpn 18494 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 10.10.10.1 255.255.255.0 init
May 18 18:28:35 openvpn 18494 /sbin/ifconfig ovpns1 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
May 18 18:28:35 openvpn 18494 TUN/TAP device /dev/tun1 opened
May 18 18:28:35 openvpn 18494 TUN/TAP device ovpns1 exists previously, keep at program end
May 18 18:28:35 openvpn 18494 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 18 18:28:35 openvpn 18276 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
May 18 18:28:35 openvpn 18276 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
May 18 18:28:35 openvpn 47056 SIGTERM[hard,] received, process exiting
May 18 18:28:35 openvpn 47056 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 10.10.10.1 255.255.255.0 init
May 18 18:28:35 openvpn 47056 event_wait : Interrupted system call (code=4)
-
I am out for a week. Will try again when I get back. Thanks to all
-
@EdAdders said in Removing openvpn completely:
This is still a problem: "UNSPEC"
May 18 18:28:35 openvpn 18494 UDPv4 link remote: [AF_UNSPEC]
If you still need help, we'll be here after a week too.
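-
Added example, not part of the thread: a small Python parser for the OpenVPN log lines posted above. It reports, per process ID, which address family and address the server bound to and which tunnel network it configured, so a leftover range from an earlier install would show up as a second network. The function names are made up for this example; the sample lines are copied from the logs quoted in the thread (trimmed).

```python
import ipaddress
import re

# Sample lines copied from the logs quoted in the thread (trimmed, newest first).
SAMPLE_LOG = """\
May 18 18:28:35 openvpn 18494 Initialization Sequence Completed
May 18 18:28:35 openvpn 18494 UDPv4 link local (bound): [AF_INET]10.0.0.228:1194
May 18 18:28:35 openvpn 18494 /sbin/ifconfig ovpns1 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
May 18 18:28:35 openvpn 47056 SIGTERM[hard,] received, process exiting
May 17 20:04:01 openvpn 52950 UDPv6 link local (bound): [AF_INET6][undef]:1194
May 17 20:04:01 openvpn 52950 /sbin/ifconfig ovpns1 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
"""

# "<month> <day> <time> openvpn <pid> <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+openvpn\s+(\d+)\s+(.*)$")
# "UDPv4 link local (bound): [AF_INET]10.0.0.228:1194"
BOUND = re.compile(r"^(\w+) link local \(bound\): \[(AF_\w+)\](.*):(\d+)$")
# "/sbin/ifconfig ovpns1 <local> <peer> mtu 1500 netmask <mask> up"
IFCONFIG = re.compile(r"ifconfig (\S+) (\S+) \S+ mtu \d+ netmask (\S+) up")

def summarize(log_text):
    """Return {pid: facts} for each OpenVPN process seen in the log."""
    procs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        info = procs.setdefault(pid, {"up": False, "stopped": False})
        if (b := BOUND.match(msg)):
            info.update(proto=b.group(1), family=b.group(2),
                        bind=b.group(3), port=int(b.group(4)))
        elif (i := IFCONFIG.search(msg)):
            # strict=False turns the host address plus netmask into its network.
            net = ipaddress.ip_network(f"{i.group(2)}/{i.group(3)}", strict=False)
            info.update(iface=i.group(1), tunnel=str(net))
        elif msg.startswith("Initialization Sequence Completed"):
            info["up"] = True
        elif "SIGTERM" in msg and "process exiting" in msg:
            info["stopped"] = True
    return procs

def tunnel_networks(procs):
    """All tunnel networks that any instance in the log brought up."""
    return sorted({p["tunnel"] for p in procs.values() if "tunnel" in p})

if __name__ == "__main__":
    for pid, facts in summarize(SAMPLE_LOG).items():
        print(pid, facts)
```
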