OpenVPN Crash after update
-
Hi,
I’m running a pfSense server on version 24.03 with OpenVPN, which has around 900 devices connected to it. The issue is that when I try to update it to the latest version of pfSense, OpenVPN appears to keep crashing/restarting, causing the VPN connections to drop.
I’ve tried updating multiple times with different pfSense versions, but I run into the same problem each time. Does anyone have an idea what could be causing this?
-
@PJHaan said in OpenVPN Crash after update:
Does anyone have an idea what could be causing this?
We'll have to come over and check your OpenVPN (server) log page ...... ?

What do you mean by "appears to" ?
And if it crashes ... what were the conditions ? Who restarted the OpenVPN server ?
Sorry, with the info you've supplied I can't find a probable reason.
900 connected users ... wow, that's impressive. The local computer hobby club, or are these remote workers ?
I do presume Netgate doesn't 'delete' all the forum posts mentioning failing OpenVPN servers from here. So the good news is the bad news : "OpenVPN server" is just fine, it's your settings.
So, can you tell us more ?
edit : is this the same OpenVPN server as mentioned here ? Over here you were running 25.x -
I have part of the logs from the last time we tried to perform the update.
What I mean by “appears to” is that when I go to the OpenVPN status page, it says “service not running, unable to contact daemon.” Then when I refresh the page, it seems to reconnect to the clients, but after that I get the same message again.
They are all routers with equipment behind them that connect to a server that manages everything.
And no, it’s not the same server as before; that one is running fine on the latest update.
-
This :
Feb 22 00:32:48 vpn1 openvpn[42646]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Feb 22 00:32:48 vpn1 openvpn[42646]: MANAGEMENT: TCP send error: Broken pipe
Feb 22 00:32:48 vpn1 openvpn[42646]: MANAGEMENT: Client disconnected
Isn't an OpenVPN error.
You probably have the pfSense dashboard or the OpenVPN Status page open at that time, and every x seconds, the GUI connects to the OpenVPN server process using the socket "/var/etc/openvpn/server1/sock" so it can show 'connected users' in the GUI.
For some reason, something == the GUI connects = the first line, but then the communication failed, and the connection is closed.
Result : the "connected list" isn't updated with the correct info.
Btw : 900 connected OpenVPN clients/devices ?

All goes well with your openvpn server process ? ^^
edit :
If I had to use 'openvpn' to allow 900 people to connect to local resources, I wouldn't use the pfSense OpenVPN at all, but use a dedicated 'server' device for that .... I guess. Never saw a situation like this, not sure what is needed to make that work.
edit :
Look :
This 'Tynaarlo' guy connects 'all the time'.
Every time with another IP ?
Are these several different sites using identical certificate/login credentials ?? that's IMHO, bad !! - every connection should use its own unique cert. That is, that's how I should do it. -
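The distinction drawn in the post above, GUI polling of the management socket versus the daemon itself restarting, can be checked directly in the log. The following is an added example, not code from the thread or from pfSense: it counts management-socket events per PID and lists PID changes. It assumes a single OpenVPN server instance writes to the log; only the first three sample lines come from the thread, the rest are constructed.

```python
import re
from collections import defaultdict

# First three lines are the ones quoted in the thread; the rest are
# constructed for illustration (PID 51877 is made up).
SAMPLE_LOG = """\
Feb 22 00:32:48 vpn1 openvpn[42646]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Feb 22 00:32:48 vpn1 openvpn[42646]: MANAGEMENT: TCP send error: Broken pipe
Feb 22 00:32:48 vpn1 openvpn[42646]: MANAGEMENT: Client disconnected
Feb 22 00:33:02 vpn1 openvpn[42646]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Feb 22 00:33:02 vpn1 openvpn[42646]: MANAGEMENT: Client disconnected
Feb 22 00:34:10 vpn1 openvpn[51877]: Initialization Sequence Completed
Feb 22 00:34:15 vpn1 openvpn[51877]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
"""

# syslog prefix: "Mon DD HH:MM:SS host openvpn[pid]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ openvpn\[(\d+)\]: (.*)$")


def triage(log_text):
    """Count management-socket events per PID and list daemon PID changes.

    Assumes one OpenVPN server instance writes to this log, so a new PID
    means the process was restarted.
    """
    sessions = defaultdict(lambda: {"opened": 0, "broken_pipe": 0, "closed": 0})
    pid_changes = []
    last_pid = None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an openvpn syslog line
        ts, pid, msg = m.groups()
        if last_pid is not None and pid != last_pid:
            pid_changes.append((ts, last_pid, pid))
        last_pid = pid
        if msg.startswith("MANAGEMENT: Client connected"):
            sessions[pid]["opened"] += 1
        elif msg.startswith("MANAGEMENT:") and "Broken pipe" in msg:
            sessions[pid]["broken_pipe"] += 1
        elif msg.startswith("MANAGEMENT: Client disconnected"):
            sessions[pid]["closed"] += 1
    return dict(sessions), pid_changes


if __name__ == "__main__":
    sessions, pid_changes = triage(SAMPLE_LOG)
    for pid, counts in sessions.items():
        print(pid, counts)
    for ts, old, new in pid_changes:
        print(f"{ts}: openvpn PID changed {old} -> {new} (daemon restarted)")
```

Many management sessions under one unchanged PID point at the GUI side; a PID change is the evidence that the OpenVPN process itself went away and came back.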
Each router uses a unique certificate and its own login credentials.
“Tynaarlo” refers to the locality field in the certificate that was used when the OpenVPN server certificate was created, which is why it appears in the logs.
-
@PJHaan said in OpenVPN Crash after update:
Each router uses a unique certificat
Yeah .. thanks for getting back on that.
Disregard my last/previous edit. Clear enough (now), all those certificates are different, they are just based off the same named CA. -
@Gertjan Are there by any chance any other logs I can check?