OpenVPN service not starting because of missing file

EnclustraIT

Hi Every one

pfSense version: 2.6.0-RELEASE (Not sure how many update are between the current version and the initial setup.)

After every restart OpenVPN service can't start. We get the following errors:

Status - System Logs - System - General
php-fpm 361 /status_services.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/server1/config.ovpn'' returned exit code '1', the output was ''

Status - System Logs - OpenVPN
openvpn 84804 Options error: --client-config-dir fails with '/var/etc/openvpn-csc/server1': No such file or directory (errno=2)

The file exists but at another location. After we create a link to the file like this ln -s /var/etc/openvpn /var/etc/openvpn-csc
-> Now the OpenVPN services can be started again.

Does somebody know why this happens and how a can make at least the link persistent?

Gertjan

@EnclustraIT said in OpenVPN service not starting because of missing file:

/var/etc/openvpn-csc/....

Exists if you have something created here :

Client Specific Overrides = "csc"

IMHO, "/var/etc/openvpn-csc/." shouldn't exist.
It could be /var/etc/openvpn/openvpn-csc/.....

You should have a folder like this :

[23.09.1-RELEASE][root@pfSense.bhf.tld]/etc/inc: ls -al /var/etc/openvpn/server1/
total 30
drwxr-xr-x  4 root wheel   11 Dec  8 15:40 .
drwxr-x---  3 root wheel    3 Dec  8 15:40 ..
drwxr-xr-x  2 root wheel    3 Dec  8 15:40 ca
-rw-------  1 root wheel 1765 Dec  8 15:40 cert
-rw-------  1 root wheel 1273 Dec  8 15:40 config.ovpn
-rw-------  1 root wheel    1 Dec  8 15:40 connuserlimit
drwxr-xr-x  2 root wheel    2 Dec  8 15:40 csc
-rw-------  1 root wheel    3 Dec  8 15:40 interface
-rw-------  1 root wheel 1704 Dec  8 15:40 key
srwxrwxrwx  1 root wheel    0 Dec  8 15:40 sock
-rw-------  1 root wheel  657 Dec  8 15:40 tls-crypt

The good side of things, you've found a perfect reason to clean up : upgrade to 2.7.2.

EnclustraIT

@Gertjan
Thanks for the answer.
We had something like that. I deleted the override because it was for something where I could find not reason anymore. But the issue is from before I deleted the override.

/var/etc/openvpn/server1:
drwxr-xr-x 2 root wheel 512 Mar 30 2023 ca
-rw------- 1 root wheel 2118 Mar 30 2023 cert
-rw------- 1 root wheel 1460 Mar 23 2023 config.BK
-rw------- 1 root wheel 1460 Mar 30 2023 config.ovpn
drwxr-xr-x 2 root wheel 512 Mar 23 2023 csc
-rw------- 1 root wheel 4 Mar 30 2023 interface
-rw------- 1 root wheel 1708 Mar 30 2023 key
srwxrwxrwx 1 root wheel 0 Mar 30 2023 sock
-rw------- 1 root wheel 657 Mar 30 2023 tls-auth

Is it possible that client overrides could point to a VPN configuration which doesn't exist anymore and so creates this behavior?
The issue is already before with 2.5. We are on 2.6. Do you really think the upgrade helps?

viragomann

@EnclustraIT
If you add a CSO the path to the file is added to the client config.
I can imagine, that do some changes and the server config, e.g. verbosity level, and save it will rewrite the server config without the client file path.

EnclustraIT

@viragomann
Hmm, not sure I already did that. But let's see. Thanks.