Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN not longer starts after update to 2.4.5-p1

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 3 Posters 644 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mainzelman
      last edited by

      Hello everybody,

      I have Netgate XG-1537 HA in use.
      After update Backup(Slave) FW OpenVPN not longer starts after reboot and cannot be started in the GUI. A start in the console is possible.
      /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
      /usr/local/sbin/openvpn --config /var/etc/openvpn/server2.conf

      Log:
      Jul 1 12:52:54 openvpn 72500 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
      Jul 1 12:52:54 openvpn 72500 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
      Jul 1 12:52:54 openvpn 72762 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jul 1 12:52:54 openvpn 72762 Initializing OpenSSL support for engine 'rdrand'
      Jul 1 12:52:54 openvpn 72762 TUN/TAP device ovpns2 exists previously, keep at program end
      Jul 1 12:52:54 openvpn 72762 TUN/TAP device /dev/tun2 opened
      Jul 1 12:52:54 openvpn 72762 ioctl(TUNSIFMODE): Device busy (errno=16)
      Jul 1 12:52:54 openvpn 72762 /sbin/ifconfig ovpns2 192.168.121.129 192.168.121.130 mtu 1500 netmask 255.255.255.128 up
      Jul 1 12:52:54 openvpn 72762 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.121.129 255.255.255.128 init
      Jul 1 12:52:54 openvpn 72762 UDPv4 link local (bound): [AF_INET]2xx.xx.xx.xx:1195
      Jul 1 12:52:54 openvpn 72762 UDPv4 link remote: [AF_UNSPEC]
      Jul 1 12:52:54 openvpn 72762 Initialization Sequence Completed
      Jul 1 12:58:36 openvpn 67760 event_wait : Interrupted system call (code=4)
      Jul 1 12:58:36 openvpn 67760 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 192.168.121.1 255.255.255.128 init
      Jul 1 12:58:36 openvpn 67760 SIGTERM[hard,] received, process exiting
      Jul 1 12:58:37 openvpn 72762 event_wait : Interrupted system call (code=4)
      Jul 1 12:58:37 openvpn 72762 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.121.129 255.255.255.128 init
      Jul 1 12:58:37 openvpn 72762 SIGTERM[hard,] received, process exiting

      Does anyone have an idea what it can be ?
      Where can I still download v2.4.5 and undo the patch ?

      Many thanks.
      Artur

      GertjanG 1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator
        last edited by

        Quick question: why should openvpn start at all on the standby node? Didn't you set it up, so it only runs on the active node? How should that work in case of a failover?

        Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        M 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @Mainzelman
          last edited by

          Also :

          @Mainzelman said in OpenVPN not longer starts after update to 2.4.5-p1:

          Jul 1 12:52:54 openvpn 72762 Initialization Sequence Completed

          ..... nearly 6 minutes pass ....

          Jul 1 12:58:36 openvpn 67760 event_wait : Interrupted system call (code=4)

          Can you see in the other logs if some event - like a interface event ( example NON exhaustive) - happened, what results in a OpenVPN Server restart (it should restart in such an event) - only the admin can actually stop a service - or an error condition.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          M 1 Reply Last reply Reply Quote 1
          • M
            Mainzelman @JeGr
            last edited by

            @JeGr said in OpenVPN not longer starts after update to 2.4.5-p1:

            why should openvpn start at all on the standby node? Didn't you set it up, so it only runs on the active node? How should that work in case of a failover?

            Many thanks for the answer. As described, I use pfsense HA.
            The services run on both firewalls. Until the update to Patch1 it was like that.

            I will shut down the masters FW (tonight) and see if OpenVPN starts.

            For info only - even Snort has not started after the update. A complete uninstall and reinstallation have fixed the error.

            1 Reply Last reply Reply Quote 0
            • M
              Mainzelman @Gertjan
              last edited by

              @Gertjan
              Many thanks for answer. I also searched other logs - found nothing.

              1 Reply Last reply Reply Quote 0
              • M
                Mainzelman
                last edited by

                Hello everybody,
                I shutdown the Master FW last night.
                OpenVPN Service started directly on the backup (Slave) FW !

                Maybe I'm wrong - but I think before the update to 2.4.5-p1 the service had also started on the Backup FW.

                Thank you all.

                1 Reply Last reply Reply Quote 0
                • JeGrJ
                  JeGr LAYER 8 Moderator
                  last edited by

                  @Mainzelman said in OpenVPN not longer starts after update to 2.4.5-p1:

                  Maybe I'm wrong - but I think before the update to 2.4.5-p1 the service had also started on the Backup FW.

                  Shouldn't have been the case. The only case I know where they are started on both nodes is, if you bind them on a local VIP or localhost and forward your OVPN ports with Port Forward entries to that server. That is recommended with e.g. MultiWAN setups to have the ability to connect to the same server via multiple external IPs/WAN uplinks. As the server is bound to "localhost" it is always started/restarted on both nodes and waiting for connections (without getting into each others turf ;) ).

                  So seems to be working as intended ;)

                  Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

                  If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                  1 Reply Last reply Reply Quote 1
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.